A guide to winning friends and influence during your first 90 days in an InfoSec leadership role
So, you’ve taken the plunge. You’ve accepted a new leadership role in IT security and have a shiny new title (CIO, CISO, CDO, BISO, VP of Security, IT Director) to put on your LinkedIn profile. First of all, congrats! Your hard work has earned you a seat at the table where strategic decisions are made. You’re likely excited about what the future holds—leading a new team, applying your learnings from past roles, shaping the security culture, and more. At the same time, there’s a nagging fear of the unknown… What skeletons will you find in the closet? What messes will you inherit? What does the current state of IT governance really look like?
Most leadership coaches will tell you that your first 90 days are critical. In this stage, you need to focus on learning as much as you can, establishing credibility and trust, building relationships, and developing your strategic plan. Here are five ways Nudge Security can be an indispensable tool to help you make a positive impact in your first 90 days, and beyond.
When you’re new to a company, or a role, you don’t know what you don’t know—and that can get you in trouble. This snippet from the first episode of our CISO interview series, Overshadowed, captures this well:
“9 times out of 10 when I was in trouble, it was because I didn’t know about something.”
—Ed Amoroso, Former CISO and founder of TAG Infosphere
The last thing you need in your first 90 days is to be blindsided by an incident stemming from some dark corner of the attack surface that even the existing team had forgotten about (or didn’t know about in the first place). One of the best ways to mitigate this risk is to ensure you have a full inventory of all the technology in use in the organization, along with an understanding of what is actually visible externally (i.e. discoverable by attackers).
Nudge Security provides the inventory you need in minutes (literally) in our free trial. Our patented SaaS discovery method requires just a single integration point with your Google Workspace or Microsoft 365 email provider, and uses the system-generated emails from SaaS, IaaS, and PaaS providers to build a full inventory of every account ever created by anyone, for any app. You can’t protect what you can’t see—so do yourself a favor and start your new role with a solid understanding of what’s out there.
It can be hard to get the budget you need for security, even during the best of economic cycles. In times like now, when every expenditure is scrutinized, establishing a strong relationship with your CFO (or whoever holds the purse strings) from the get-go can go a long way towards helping you secure the resources you need.
Remember that SaaS inventory mentioned above? Not only does it help you gain an understanding of what needs to be protected, it’s also likely to be happy hunting grounds for cost savings. As we’ve written before, Nudge Security helps you reduce wasted SaaS spend in 5 key ways:
Just picture the smile on your new CFO’s face when you present them with a list of potential cost-saving opportunities from unused or underutilized technology resources. This is a great way to demonstrate that you are thinking beyond just your own immediate scope, and keeping the big picture of the needs of the business top of mind.
There’s no shortage of survey data and employee turnover statistics to show that IT and security practitioners are perpetually at risk of burnout. And, the alarming pace of SaaS sprawl is making this problem worse. One of the best ways to build rapport with your new team is to help them spend less time on tasks they dread, and more time on interesting, strategic projects that move your security program, and the business, forward.
So, as their new leader, it’s worth digging in to understand what those dreaded tasks are. How much time are they spending on employee offboarding? What about vendor security reviews? Or, figuring out who introduced the random app that others are now requesting access to? While each of these items is small on its own, they add up to hours of monthly work that no one would describe as fun or interesting.
What if you could automate these tasks? And, what could your team accomplish with the hours they’d get back? Good news: Nudge Security includes playbooks to automate tedious (but necessary) tasks like user access reviews, employee offboarding, and more.
One of the most difficult challenges in a new role is figuring out where to focus first. Every week, you’ll learn about new problem areas and urgent priorities from across the business. This is where you need to step back and look at the big picture: which items can have the biggest impact the fastest, and which are most aligned with the strategic objectives of the business and those you have set out to achieve.
When it comes to prioritizing your IT governance efforts, this is another area where Nudge Security is an indispensable tool. Is one of your priorities to get all systems that handle customer data into SSO? Nudge can give you the full picture of where your SSO coverage stands today and track your progress forward. Is “MFA everywhere” on your list? Again, Nudge Security shows you which accounts do (and don’t) have MFA enabled, so you can work down the list of apps based on number of users, business criticality, and other factors. What about cloud governance? Getting all of your AWS accounts into your centralized cloud governance orgs is another worthy endeavor, and Nudge Security can help you get there.
If you don’t know where you are to begin with, it’s very difficult to chart (and measure) your path forward. Nudge Security gives you the information you need to assess your SaaS security posture and make meaningful progress toward improving it.
IT and security teams have gotten a bad rap over the years for being the “department of no,” often leaning too much into risk reduction and avoidance at the expense of agility and employee satisfaction. What if you could instead be the “department of how,” as coined by Ira Winkler in this snippet from our Overshadowed conversation with him:
“Cybersecurity should be considering how you do things, not just saying you can’t do something.”
—Ira Winkler, CISO, CYE Security
As you start your new role, how can you partner with leaders across the business to understand their objectives, and collaborate on ways to achieve those goals while mitigating risks?
This is exactly the principle that Nudge Security was founded upon. Our product was developed to help security teams gain the visibility and governance capabilities they need to mitigate risks without impeding the pace of the business. Instead of blocking new apps by default, with Nudge Security you can prompt employees for context on why and how they are using them, or nudge them toward approved alternatives. Similarly, you can nudge users to take small but impactful steps to improve security, like enabling MFA, enrolling apps in SSO, and shutting down accounts they are no longer using.
Delivering nudges at the time and place when the information is most useful to employees is far more likely to prompt the security behaviors you want than the annual security awareness training that is easily forgotten. Engaging employees in positive ways is critical to building a healthy security culture, which in turn contributes to a healthy corporate culture. Nudge Security makes it possible to do this at scale.
Our mission at Nudge Security is to help IT and security professionals everywhere regain control over SaaS security and governance, while serving as a valued partner to their peers to move the business forward. Whether you’ve just taken on a new role, or are looking for ways to gain efficiency in your current role, Nudge Security can help. Start a free 14-day trial now to see what it can do for you.