How New CISOs Can Earn Executive Trust from Day One

Your first year.
Emily Hill
Contributing Writer
Business way or path or business strategy conceptual illustration with businessman silhouette and thin red line path to the flag as goal or aim. Minimalist vector illustration

Stepping into a Chief Information Security Officer (CISO) role comes with immediate pressure to assess risk, set priorities, and establish credibility. During his session at the Gartner Security & Risk Management Summit in June 2026, Gartner Distinguished VP Analyst Tom Scholtz argued that many new CISOs spend too much time thinking about security and not enough time thinking about the business they’re there to protect.

Rather than offering broad leadership advice, Scholtz outlined several practical techniques that help new security leaders gain traction quickly and build a foundation for long-term success.

Start by Mapping Security to Business Drivers

One of Scholtz’s strongest recommendations was to stop treating cybersecurity strategy as a standalone document. Instead, begin by documenting the organization’s business, technology, and environmental drivers, whether that’s revenue growth, acquisitions, cloud transformation, regulatory pressure, or operational resilience.

Only after those drivers are defined should security initiatives be prioritized.

Every project on the cybersecurity roadmap should clearly map back to one or more of those business objectives. If a proposed initiative cannot be connected to a business driver, Scholtz suggested questioning whether it belongs on the roadmap at all.

This exercise serves two purposes.

  • It helps executives understand why security investments matter.
  • It forces security leaders to validate that their priorities genuinely support the organization’s strategic direction rather than simply improving security for security’s sake.

Build Relationships Through Structured Conversations

Scholtz also challenged the common assumption that strong executive relationships develop naturally. Instead, he encouraged new CISOs to deliberately structure stakeholder engagement during their first months.

That begins with interviewing key executives, including the CEO, CFO, CIO, Chief Risk Officer, Internal Audit, and business leaders, to understand how each defines success and what they expect from the security function. These conversations help eliminate assumptions about the CISO role before they become larger problems.

He placed particular emphasis on the relationship between the CISO and CIO.

Rather than trying to eliminate tension, Scholtz argued that some friction is healthy because security provides oversight while IT focuses on delivering technology capabilities.

The goal is productive tension supported by frequent communication.

He noted that some organizations have moved beyond monthly meetings to weekly, or even daily, standing check-ins between the CIO and CISO, ensuring that communication exists before problems arise.

Measure Value in Business Terms

Because cybersecurity rarely generates direct revenue, demonstrating value requires a different approach than many other executive roles. Scholtz encouraged CISOs to move beyond operational metrics and instead communicate how security initiatives contribute to business outcomes.

He described four ways to frame cybersecurity value:

  • Investment benefits that improve business performance
  • Insurance benefits through reduced risk
  • Indemnity benefits that support governance and regulatory obligations
  • Integrity benefits that improve the reliability and resilience of business operations.

Equally important is how those outcomes are communicated. Rather than relying exclusively on dashboards and statistics, Scholtz recommended using simple narratives that executives can immediately understand.

One example compared security controls to the brakes on a race car: powerful brakes don’t slow the car down, they allow it to go faster with confidence. Likewise, effective security enables organizations to innovate and adopt new technologies without taking unnecessary risk.

Focus Your Time Where It Creates the Greatest Influence

Another practical recommendation centered on stakeholder management. New CISOs often try to win over every executive immediately, but Scholtz advised taking a more targeted approach.

He recommended creating a stakeholder map that evaluates both an individual’s influence within the organization and their attitude toward cybersecurity. Early efforts should focus on executives who have significant influence and are already supportive of security initiatives. Building momentum with these allies creates stronger advocacy before tackling more skeptical stakeholders.

Scholtz also encouraged new CISOs to seek mentors outside the technology organization.

While technical mentors remain valuable, leaders in operations, finance, or other business functions can provide insight into organizational culture, executive dynamics, and decision-making that technical peers often cannot.

The Wrap

Throughout the session, Scholtz returned to one central message:

Credibility is a CISO’s most valuable asset.

Unlike technical expertise, credibility is earned through consistent execution, meaningful business conversations, and demonstrating that security initiatives directly support organizational objectives. By grounding every decision in business priorities, communicating value in language executives understand, and investing in the right relationships, new CISOs can establish themselves as strategic business leaders.

☀️ Subscribe to the Early Morning Byte! Begin your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

☀️ Your latest edition of the Early Morning Byte is here! Kickstart your day informed, engaged, and ready to lead with the latest in technology news and thought leadership.

ADVERTISEMENT

×
You have free article(s) left this month courtesy of the CIO Professional Network.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Thanks for subscribing!

We’re excited to have you on board. Stay tuned for the latest technology news delivered straight to your inbox.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Name
Newsletters