“Get to know your organization”
We also received a lot of practical, tried-and-tested advice on how new CTOs can get to know their organization better.
“If possible, a new CTO or CISO should interview the predecessor. Most CTO-led programs are tied to long-term goals with relatively long implementation cycles. The predecessor will provide some unique insight that is often left out of the documentation. If possible, have them introduce you to the other department leaders, executives, and your direct report. Their stamp of approval will make your transition much smoother!”
“Learn the culture. This requires asking a lot of questions and listening intently. I recommend mapping to the McKinsey 7S Framework, if possible. It will help you find your fit and how to best communicate across the organization.”
“I recommend performing a high-level assessment of the current IT capabilities and commitments. There won’t be enough time to get deep into the weeds, but that’s not really your focus. You need to get an understanding of your assets, how things are managed, and understand the cycles of deployment and maintenance. You might find some helpful tie-ins to ITIL or similar.”
“Look for quick wins for your first 90 days. This will create positive synergy in the team, as well as get momentum going.”
“Build your initiatives for the first year but be mindful of requesting too much money or resources. Most organizations have an undefined appetite for change, but when you push too much change in, you will know when you exceeded that appetite.”
“Review all of your 3rd Party Vendor Agreements, along with the MSAs and SLAs. In the post-pandemic world, much of what you are responsible for will not live inside your ecosystem. You need to know what expectations have been set with your vendors. Their breach is your breach.”
—Patrick Kelley,
Founder and CEO at Critical Path Security