Following on in the series of posts about being an internal IT Security Head, I was talking to a mate today who’s about to start soon as the Regional IT Security Manager for a large global entity.

My thoughts are that you only have 2-3 months max to lay the foundations for how the rest of your time there will be.

Where I am coming from is this:

1. No one knows you yet and what you plan to do and how you do things.
2. Because of this, it’s greenfields and you can assert your position and plans (to a degree within the bounds of good professionalism obviously)
3. Because you are the new IT Security dude and because most in the organisation will have no idea about what you do or what your role is, you can develop the “role” to a large degree yourself. You can get people to buy-into you early.
4. For the first few months, you are treated like an external consultant – the expert brought in to make a difference….so people will listen!

If you spend the first few months just settling in, trying to work in around everyone else, being everyone’s mate and worrying about how you’ll do things in the future – you’re lost…..game over and you’ll be in that miserable job where you complain that no one listens, cares or gives little attention to you. Assert your role upfront and the chances of it being that better job are good! The chance of you making a difference will be much better! Wait, and the ability to make change and a difference will be tougher. People settle into other people and this sets how they deal with each other for the future. Becoming a proactive go-getter after people have “settled” in with you is a tougher assignment.

Hey….sounds like I am preaching but it’s close to fact from my experience. (This is for all jobs – not just our industry) . Have a think about it. As usual, open to your thoughts, comments and criticisms.