
The First 100 Days of the New CISO: A Leadership Guide to Lasting Impact


A Practical Roadmap for Real and Lasting Change and a Blueprint for the Next Decade of Cybersecurity Leadership

 

When a new Chief Information Security Officer steps into the role, the first 100 days can define their legacy. In “The First 100 Days of the New CISO”, seasoned cybersecurity leader and consultant JC Gaillard offers a pragmatic, experience-driven guide to succeeding in those crucial early months — and beyond.

Drawing on over two decades of advising major global organisations, Gaillard helps CISOs, executives, and boards understand what true leadership in cybersecurity looks like: calm, structured, and aligned with business priorities. This is not another technical manual — it’s a leadership guide grounded in governance, culture, and the realities of corporate life.

This is more than a book about the first 100 days. It is a blueprint for the next decade of cybersecurity leadership.

Read the Author’s Summary Here

 

Inside, you’ll discover:

  • How to navigate the first 6 days, 6 weeks, and 6 months with clarity and composure;
  • How to build trust and credibility across stakeholders before driving change;
  • Proven techniques for aligning security with business strategy and governance;
  • How to communicate effectively with boards and executive committees;
  • Why culture, rhythm, and proportion matter more than tools or technology;
  • What differentiates lasting transformation from short-term activity.

Who this book is for:

  • Newly appointed CISOs seeking a structured, strategic start;
  • Experienced security leaders looking to strengthen influence and impact;
  • CEOs, CIOs, and board members who want to understand what effective security leadership looks like;
  • Consultants and governance professionals focused on resilience, trust, and transformation.

 

Structured like a consulting playbook and written in clear, disciplined prose, this book offers the perspective and tools to turn uncertainty into direction — and direction into measurable impact. If you want to lead with confidence, build maturity, and leave a legacy that lasts beyond your tenure, The First 100 Days of the New CISO will show you how.

Buy It Here on Amazon

 


 

Praise for “The First 100 Days of the New CISO”

 

JC Gaillard has been one of the most thoughtful and consistent voices in cybersecurity transformation for over two decades. In this book, he distils that experience into a guide that is structured, actionable, and inspiring. It is the definitive text for any leader serious about making their first 100 days count — and their legacy endure.

Chuck D. Brooks

Global cybersecurity thought leader, blogger, and event speaker; Author; Forbes contributor; Adjunct Professor, Georgetown University; President, Brooks Consulting International


 

Few people write about the CISO role with this level of clarity and balance. Gaillard strips away the hype to reveal the discipline, patience, and judgement required to build credibility that lasts. It’s a true leadership guide for an industry that desperately needs one.

Tony Moroney

Top Voice LinkedIn & Thinkers 360


 

JC Gaillard offers a rare perspective that executives can relate to. ‘The First 100 Days of the New CISO’ is more than a technical manual—it’s a leadership guide for navigating complexity with clarity and composure. Gaillard reminds us that credibility is earned through substance, not noise. His insights extend beyond cybersecurity, capturing the cornerstones of boardroom leadership: trust, strategic alignment, and disciplined execution.

Mike Flache

Chair, Digital Growth Collective


 

In any global organization, the first 100 days are less about technology and more about decoding the unwritten rules of power, process, and trust. JC Gaillard captures this truth with striking clarity. He reminds every incoming CISO that security is not an isolated crusade but a function of governance — deeply entangled with culture, hierarchy, and accountability. The brilliance of this book lies in its realism: it doesn’t glorify the CISO as a firefighter, but positions them as an integrator — someone who must learn the rhythm of the enterprise before trying to change its tempo. For anyone stepping into a leadership role in cybersecurity, this is not just a roadmap; it’s a mirror.

Eckhart Mehler

Chief Information Security Officer, GIZ GmbH


 

This book reads like a conversation with a seasoned advisor — calm, proportionate, and deeply insightful. JC Gaillard captures what matters in leading change: governance, trust, and maturity. Every page reflects his decades of experience and his enduring commitment to transformation that lasts.

Andres Ricardo Almanza Junco

Cybersecurity Strategist; Founder & CEO, CISOS.Club


 

It is rare to find a step-by-step guide written by CISOs for CISOs in the first 100 days, and this is what you have here. This is the best of all worlds: Michael D. Watkins’ “The First 90 Days” combined with your very own CISO coach and mentor. Cyber security never sits still; the role of the new-to-organisation CISO often results in the need to lead from the front without all the background and history as to how the organisation got here. This tried and tested guide provides helpful hints and tips from real-life situations. No CISO, however seasoned, should be without their own copy of this. After all, every day is a new day in the world of cyber operations!

Cheryl Martin

CISO and Board Advisor, Company 86


 

Jean-Christophe’s book and work are today even more critical and of high added value. With his ongoing research, practice, methodology and very well summarized articles and blogs, he enables both CISOs and General Management to understand the challenge, which changes almost every day. And the first 100 days in 2025 are certainly significantly more exciting … and dangerous than they were back in 2017 and 2022! A CISO is today, even more than yesterday, the “EERM”: Enterprise Emerging Risk Manager. I highly recommend this book and its permanent updates to all risk practitioners, researchers, Middle Managers and C-Level Execs, and not limited to IT! Information Security is everybody’s concern: Operations – Marketing – Communication – HR …

Hans Willert

Partner, Magellan Consulting


 

Having known and worked with JC for the past 20+ years, I always value his pragmatic, action driven advice as it relates to reducing risk and complexity within a dynamic modern business.

As threats evolve and threat actors utilise the latest suite of AI-driven tools and methods to perpetuate the attack scenarios, his advice will help any new CISO define strategies for protection. I would advocate that this is a must-read for anyone involved in cyber today.

Neil Batstone

VP Sales, UK, France and Northern Europe, Copado


 

Just as wars are too important to be left to generals alone, Jean-Christophe Gaillard emphasises that cyber security is too crucial to be left to an organisation’s IT (Information Technology) department alone.

Rather, cyber security should be dealt with at the board level as a matter of organisational governance, procedures, and discipline, especially in the situations of social engineering, phishing, and ransomware, where one single mistake of omissions or commissions by one single individual can ruin the organisation permanently.

Mr Gaillard deals at depth with the contrast between what a newly recruited CISO was told when he was being interviewed for the job vis-a-vis the actual situation which he discovers on taking charge.

The usual reactive practice of firefighting and patching after a breach can be disastrous in the long run.

Instead, a proactive security mentality has to be instilled by the board into each employee as a matter of organisational governance.

Mr Gaillard sets clear goals and objectives, as well as an implementation roadmap with critical success factors, for the new CISO for the first six days, six weeks, and six months.

I highly recommend his book to all CISOs as a practical implementation manual, to be followed rigorously step by step.

Ravi Visvesvaraya Sharada Prasad

Founder, C4Isrt ( Command Control Communications Computers Intelligence Surveillance Reconnaissance Targetting in SAARC ) South Asia Group; Alumnus of Carnegie Mellon and IIT Kanpur; Ranked by Onalytica UK as the 19th most influential thought leader in telecommunications and by the IoT Community as the second most influential thought leader in IoT Internet of Things.

 


 
