The first 90 days are critical for a new security leader as they set the foundation for trust with senior leadership and the board. During this period, it's essential to develop a comprehensive understanding of the company's cyber risk landscape and communicate this in alignment with the organization's strategic business objectives.

Metrics and KPIs are vital for demonstrating the effectiveness of a security program. They help track the efficiency of security measures and communicate to the board that cybersecurity efforts align with the company's strategic objectives. However, only 56% of security leaders are actively creating and tracking new metrics, which can hinder continued investment in cybersecurity.

When expanding a security team, it's important to identify current gaps and forecast future skill needs. This involves crafting a hiring roadmap that outlines necessary roles and skills while aligning with the overall security strategy and business objectives. Clear communication of these needs to the board can help secure their support for team expansion.