risk3sixty white papers

First 90 Day CISO Checklist and Toolkit

90 Day CISO Checklist and Toolkit


Are you a CISO or security leader new to your role? We created this First 90 Day checklist and tool kit to help you hit the ground running and impress your colleagues. This guide will provide you with the tools you need to ensure a successful onboarding during the first 90 days as a CISO at your new organization.

When you download this asset, not only will you get a checklist for your first 90 days, but you’ll also receive easy-to-use templates for:

  • Creating a team RACI diagram

    Take inventory of the jobs that need to be completed as part of your security program. Identify if those jobs currently have owners or if new individuals need to be assigned. This will also help identify potential program gaps and resource needs. This template provides an organized list of categories and jobs of a typical security team in a RACI format.

  • Building out your security program’s budget

    Begin the process of taking stock in the security programs current spend. This process will help you understand what resources the security program has available, identify potential gaps, and understand the shared budget relationship between security, Information Technology, and Engineering. This template was taken from best practices such as NIST and SANS as a great starting point for a security program budget.

  • Evaluating your security program’s current level of maturity

    Most CISOs begin their tenure by assessing “where they are” and “where they would like to be”. This helps the CISO understand their current program maturity and paint a vision of where they plan to take the company. This template will help you perform a program maturity assessment and generate maturity dashboards to present to your team.

  • Presenting a security program roadmap to your board or executive team

    CISOs will be asked to present their strategy to the board and executive team. The presentation should paint a picture of the future state and demonstrate alignment with key business objectives. This presentation template will serve as a guide for presenting to your leadership team.

  • Evaluating your strengths and weaknesses as a security leader

    Leverage this guide and quiz to discover your strengths, weaknesses, areas where you need support from your team, and types of organizations you best your security leadership style.

  • Building a security team operating system that works and positions you and your team for success

    This guide provides a 5-part system and examples for how to create an operating system for your security team that will position you for success.

Team Specialist

Christian Hyatt

CEO & Co-founder

Christian is the CEO and Co-founder of risk3sixty. Christian is responsible for setting the vision for the team, ensuring the leadership team is “rowing in the same direction,” creating purpose and alignment across the firm, and nurturing company culture. Christian has 15 years of experience advising technology companies to build and improve their cybersecurity programs. Christian works hard to partner with executives to help ensure they have the strategy and tactics to align cybersecurity and business objectives. Under Christian’s leadership, risk3sixty has been named Consulting Magazine’s Best Firms to Work For, Atlanta’s Fastest Growing companies, Atlanta’s Best Places to Work, HireVets Platinum Honoree, and more. Outside risk3sixty, Christian advises technology start-ups on business and growth challenges is an author and, keynote speaker, and Vistage member. Christian has an M.B.A. from Georgia Tech and a B.B.A. from the University of Georgia. Christian is a Georgia Tech Technology and Management (T&M) corporate partner and Advisory Board Member for UGA’s Management Information System Advisory Board.

Speak With An Expert

Let Us Know How We Can Help

Fill out the form and let us know what service you’re interested in; or ask any general question and we’ll get back to you as soon as possible.