Congratulations, you are the new security manager. Maybe you lost a bet or drew the short straw. Or maybe you like the thrill of a big challenge.
Whatever the circumstances, the honeymoon period ends quickly, so it’s critical to make sure the first 100 days are optimally spent. This will set the tone of your working career in this organization, so it’s essential that no time is wasted in figuring out what needs to be done and implementing a plan detailing how to do it. That typically means identifying and fixing some of the biggest holes, making some organizational or process changes (for the better) and, ultimately, establishing a track record of meeting objectives.
Keep in mind that the regime change happened for a reason. Maybe the previous security manager lost the confidence of the team, or maybe he or she didn’t get enough done or didn’t let anything happen at all. Odds are there are issues that need to be dealt with, and it’s up to you and your team to start making progress.
Basically, the first 100 days can be broken down into four distinct areas of focus:
Baseline — It’s important to figure out how security really stands at the company, so some kind of assessment is in order. Maybe a pen test, maybe a scan, maybe a social engineering experiment; most likely all of the above. Keep in mind that after about 100 days, the blame for any problems will fall on the new security team, so all of the residual issues need to be found as soon as possible. There is no benefit to sugarcoating the situation.
Triage — Now that the baseline is established, the leaky buckets can be plugged. That means moving quickly to remediate the most obvious, easiest and cheapest issues. Finding a few quick wins is absolutely critical during the first 100 days. Those issues may not be the highest profile or even the most important, but getting them fixed shows the organization’s senior management team that you get things done successfully and on schedule.
Evangelize — Another key task for the first 100 days is to set the stage for a structured security program that will underlie security operations. That means meetings with executives are in order to figure out what they want protected and why. It also makes sense to present the entirety of the program to the power brokers in the organization; they will likely push back on some aspects, and that’s fine. As credibility is built up, it’ll become easier to get support for the projects and processes that are important to protecting data. But a big part of finding success as a senior security manager is to get face time with the corporate executives. If they don’t know who you are and what you are doing, then you are doing it wrong.
Plan the next steps — The last thing to do during the honeymoon is to build a plan for the rest of the year. Senior managers like to see the team working on a plan. The underlying security program provides the structure, so the remaining task is to define some milestones and then start tracking progress against those milestones.
Starting off on the right foot for the first 100 days is critical. It is the first (and possibly the last) opportunity to set a tone of achievement and accountability with the senior team. If it’s done right, executives will consider security to be a key initiative for the organization, and that’s what every security manager strives for.