Final Thoughts

I hope I wasn’t too much of a blowhard throughout the course of this book. I do get passionate about InfoSec and feel strongly about the seven steps I’ve laid out. However, not all of the steps are of equal importance. So if you have time to do only a few of them, focus on the following steps, for which anything less than excellent execution spells trouble for you and your program.

First, step 1, cultivating relationships, will determine the quality of the program you build, as you will be allowed to build only the program your relationships permit you to build. Let this point sink in. Relationships will, by and large, determine your tenure and your success at work. Those who don’t think highly of you are most likely actively undermining you. Your job is hard enough when everyone supports you, so having detractors will make the job grueling. If you have poor relationships with anyone, I recommend pulling out all the stops to mend those as soon as possible.

The next focus area should be step 2, ensuring alignment. If you’re not properly aligned with the company’s culture for risk, or the company’s ability to support your function, then you’re probably building a program the company doesn’t want or need. Being this misaligned will lead to heartache and pain for you and your team. Do your best to realign quickly, following the few simple suggestions I provided in Chapter 5.

Third is the importance and value of having a communications program, step 4. This area cannot ...

Get The Cybersecurity Manager's Guide now with the O’Reilly learning platform.
