That begins by listening, for my part: Listening to stakeholders and sponsors, understanding their expectations, their ache factors, what has labored previously, what hasn’t and why, what occurred together with your predecessor… Typically “what can I do that will help you?” is just the very best query to ask…
This course of ought to provoke a journey of co-construction of the cybersecurity narrative, and past that, of the agency’s cybersecurity technique.
If goals are shared with stakeholders and sponsors, friction is decreased; over time, enterprise champions emerge who relay the cybersecurity narrative, not as a result of it’s the CISO’s however as a result of it’s theirs.
