‘The First 90 Days’ by Michael D. Watkins is a powerful guide for any leader stepping into a new role. Whether you’re the one transitioning into a new job or a manager looking to onboard a new hire effectively, the book offers invaluable insights and a robust framework for success.
This post contains affiliate links, which means I may receive a small commission, at no extra cost to you, if you make a purchase using these links.
Key Themes and Concepts
The key message is that the initial phase in a new role is a crucial period of learning, adaptation, and building credibility. Watkins outlines a ten-step plan that can be modified and applied to your specific situation. He stresses the importance of securing early wins, adapting your strategy to the situation, learning as much as possible, and forming alliances.
The First 90 Days Plan
A successful transition doesn’t happen overnight. Here’s a recommended breakdown:
- 7 Days: Understand the company culture, norms, and key stakeholders. Start building relationships with your team and stakeholders. Begin identifying what a ‘quick win’ might look like in your role.
- 30 Days: Develop an understanding of the strengths and weaknesses of your team. Identify strategic goals and start defining your plans for achieving early wins. Keep communicating effectively and openly with your team and superiors.
- 60 Days: Achieve your first ‘quick win’. This could be solving a pressing problem or improving a process. Begin implementing longer-term strategies and making more significant changes, if needed. Regularly solicit feedback.
- 90 Days: By now, you should be well-established in your role. Continue to build on early successes and adjust your strategies based on feedback. Maintain open lines of communication and keep demonstrating your value and impact.
Advice for Managers
For managers helping new hires transition, ‘The First 90 Days’ offers excellent insights. Be open and communicative about expectations. Foster an environment where new hires can ask questions, solicit feedback, and seek guidance. Provide them with necessary resources and support to understand the company culture, their role, and the team dynamics quickly. Take a look at these other resources I recommend for management transitions.
Applying The First 90 Days to InfoSec Leadership
Information security leadership involves not just managing people and processes, but also handling complex technological ecosystems and navigating rapidly evolving threats. Therefore, the transition into an InfoSec leadership role requires additional considerations.
In your first week, understand the current security posture of the organization. Get an overview of the systems in place, the security policies, and the most pressing security concerns. Schedule one-on-one meetings with your team members to understand their roles, concerns, and ideas for improvement. Also, set up time with leaders of other departments to understand how InfoSec can better support their objectives.
In the first 30 days, perform a thorough risk assessment. Identify the most critical assets, understand the potential threats, and determine the existing controls. You should also familiarize yourself with any regulatory requirements relevant to your industry and ensure that compliance is maintained. Begin setting the security strategy for your team based on your findings.
By day 60, start implementing changes based on your risk assessment and strategy. This might involve adjusting security policies, implementing new tools, or strengthening incident response plans. Communicate these changes to all stakeholders and provide necessary training to your team.
By the end of 90 days, you should have a strong foundation in place and a clear vision for the future of InfoSec in the organization. It’s a good time to measure the impact of the changes made and adjust course if necessary. Consider a formal review with your team and superiors to communicate the progress made and the roadmap ahead.
Remember, InfoSec is not an isolated function but interwoven throughout an organization. A successful InfoSec leader is one who not only has a deep understanding of security but also possesses the skills to influence and collaborate with other teams to build a culture of security.
Your thoughts and experiences
As always, I encourage comments and discussion. If you have moved into a new leadership role recently or onboarded new managers, share your experiences and how you applied or wish you had applied the strategies from ‘The First 90 Days’.