When stepping into a new cybersecurity role, my first priority is to evaluate where the organisation stands today and design a practical, risk-driven plan to uplift its security posture. Here’s the phased approach I typically follow:
Contents
🔍 Phase 1: Discovery and Assessment
- Engage with stakeholders across IT, operations, and compliance to understand existing challenges and business priorities.
- Review current security documentation, including policies, incident records, risk registers, and audit findings.
- Conduct a baseline assessment using existing vulnerability scans, SIEM data, and endpoint telemetry to identify immediate risks and monitoring gaps.
📉 Phase 2: Controls and Gap Analysis
- Map existing controls against best practice frameworks like ISO 27001, NIST CSF, or CIS Controls.
- Evaluate key security areas:
- Access Management (MFA, least privilege, admin controls)
- Asset & Configuration Management
- Logging & Alerting Coverage
- Patch & Vulnerability Management
- Security Awareness & Training Programmes
⚙️ Phase 3: Early Wins and Prioritised Improvements
- Identify and remediate quick wins (e.g. weak passwords, exposed services, high-risk misconfigurations).
- Create a 30-60-90 day security roadmap that delivers incremental value while building towards strategic improvements:
- Day 30: Visibility and rapid fixes
- Day 60: Policy and control alignment
- Day 90: Operationalising improvements
📢 Phase 4: Awareness and Training
- Introduce or refine security onboarding, user training, and phishing simulations.
- Tailor content to user groups, ensuring relevance and engagement.
- Collaborate with internal teams to embed cyber hygiene into daily workflows.
🔧 Phase 5: Technology Review and Automation
- Evaluate existing security tooling (EDR, SIEM, vulnerability scanners) for effectiveness and tuning.
- Recommend or deploy fit-for-purpose tools that support visibility, detection, and response.
- Leverage scripting and automation (e.g. PowerShell, Bash) to reduce manual overhead, improve reporting, and close visibility gaps.
🔄 Phase 6: Integration and Operational Maturity
- Ensure controls align with operational workflows and don’t introduce friction.
- Work across teams to embed secure practices into BAU activities.
- Promote a collaborative, security-aware culture driven by visibility and accountability.
📈 Phase 7: Continuous Improvement
- Track security KPIs such as MTTD, MTTR, phishing success rate, patch SLAs.
- Schedule regular assessments, tabletop exercises, and control reviews.
- Focus on resilience, not just compliance—keeping pace with evolving threats and business needs.
This approach enables me to assess risk realistically, engage cross-functional teams effectively, and deliver measurable improvements without disrupting core business functions.