All articles
BLOG · 6 min read

First 90 Days as a Security Lead

New security leaders fail by trying to fix everything in month one. The job in the first 90 days is to understand, prioritize, and ship one obvious win.

Days 1-30: Listen

Interview engineering, IT, legal, product, support. Map the crown jewels. Read every past incident postmortem.

Days 31-60: Baseline

Asset inventory, identity inventory, current detections, current controls. Score against a real framework (CIS, NIST CSF).

  • Top 5 risks with owner + date
  • Detection coverage vs ATT&CK
  • MFA, EDR, backup coverage %

Days 61-90: Ship one thing

Phishing-resistant MFA for admins, EDR on every endpoint, or backup verification. One visible win builds the trust you need for year two.

Tools mentioned

CIS ControlsNIST CSFATT&CK NavigatorVantaDrata
⟩ takeaway

Credibility before strategy. Ship one boring, obvious improvement before you propose the transformation roadmap.

⟩ keep reading

Related articles