Stepping into a CISO role is one of those moments where the title looks powerful on paper but reality hits fast. You are accountable for everything, you rarely control much, and everyone expects certainty in a space built on uncertainty. The First 100 Days of the New CISO understands that tension deeply. This is not a hype-driven cybersecurity book or a technical manual. It is a calm, down-to-earth resource for executives who must earn trust before they can implement change.
JC Gaillard structures the book around a simple but effective 6-6-6 framework that mirrors how real influence is built. The first six days focus on listening. Not performative listening, but deliberate observation of people, politics, and patterns. Gaillard makes it clear that rushing into fixes is often the fastest way to lose credibility. These early pages feel especially honest about the pressure new CISOs face to prove value instantly and the discipline required to resist that urge.
The next six weeks are about sense-making. This is where the book shines. Gaillard reframes cybersecurity as a narrative problem as much as a technical one. He pushes CISOs to translate risk into business language, align priorities with executive reality, and shape a strategy that people can actually rally behind. There is a strong emphasis on sequencing. What you do first matters more than how much you do.
At the six-month point, the emphasis shifts to implementation and sustainability. Rather than pursuing a constant stream of new projects, the book recommends establishing a rhythm of implementation. Clear governance, consistent reporting, and distributed ownership become the foundation. Gaillard treats culture not as a buzzword but as something shaped through daily example and quiet consistency.

What makes this book work is its tone. It does not pretend that the role is glamorous. It acknowledges the politics, ambiguity, and emotional labor of being the person to whom everyone turns when something goes wrong. At the same time, it offers practical tools that feel usable rather than theoretical. Checklists, stakeholder maps, and cadence models are presented as supports, not crutches.
This book is best suited for new CISOs, aspiring security leaders, and even CEOs who want to understand what good security leadership actually looks like. It also reminds you that trust is established before any transformation, and that the real currency of the role is not formal authority but a particular kind of influence. It is a quiet, confident, and pragmatic book. It understands the weight of the position and how that weight ought to be carried.