What was it like to be the first Chief Security Strategist (CSS)? What would you like to advice the new CSS or aspiring ones for their first 100 days?

I think for any first security hire, the most important thing to do during the first 30 days is to listen, learn, and get very curious about the organization and how it works. In my case, I work for a SaaS company. It's really important that I understand what value is to our customers and how we create it. Security is all about protecting value. So, the first thing I did was figure out what's valuable, what are the potential risks and how I can protect it. In the first 60 days, take an inventory in terms of digital and organizational assets. Talk to the executives and understand what's important to you. What are your business goals? What are you trying to achieve? Frame any sort of security risks and the treatments accordingly. The first 90 days are an opportunity for you to turn the conversation around and accordingly align your communication with executives as well as the employees. Make sure that everyone at the organization understands the importance of security.

0 answers

@IT
Caroline Wong

Caroline Wong, Chief Security Strategist

I think for any first security hire, the most important thing to do during the first 30 days is to listen, learn, and get very curious about the organization and how it works. In my case, I work for a SaaS company. It's really important that I understand what value is to our customers and how we create it. Security is all about protecting value. So, the first thing I did was figure out what's valuable, what are the potential risks and how I can protect it. In the first 60 days, take an inventory in terms of digital and organizational assets. Talk to the executives and understand what's important to you. What are your business goals? What are you trying to achieve? Frame any sort of security risks and the treatments accordingly. The first 90 days are an opportunity for you to turn the conversation around and accordingly align your communication with executives as well as the employees. Make sure that everyone at the organization understands the importance of security.