Commanding the Crisis: 90-Day Roadmap to Boardroom Confidence
When a new CISO arrives — or when an existing CISO needs to reset the security function's credibility — the first 90 days determine everything. This paper provides a structured roadmap for commanding the crisis: establishing board-level confidence in the organisation's cyber resilience within a compressed 90-day timeline. The roadmap is structured in three 30-day phases: Assess (understanding the current state, identifying critical gaps, and establishing baseline metrics), Architect (designing and initiating the most impactful improvements), and Assure (demonstrating measurable progress to the board and establishing ongoing governance cadence).
Each phase includes specific deliverables, stakeholder engagement strategies, and communication frameworks designed to build confidence progressively. The roadmap draws on the author's experience of multiple CISO transitions across Tier 1 financial institutions.
- 01 The First 90 Days: Why They Matter
- 02 Phase 1: Assess (Days 1-30)
- 03 Phase 2: Architect (Days 31-60)
- 04 Phase 3: Assure (Days 61-90)
- 05 Board Engagement Strategy
- 06 Quick Wins and Visible Progress
- 07 Stakeholder Communication Framework
- 08 Sustaining Momentum Beyond 90 Days