Commanding the Crisis: An Interim CISO's 90-Day Roadmap to Boardroom Confidence

Kieran Sky · 2025-05-12 · CISSP, CISM, CRISC, CCSP

When an organisation faces a cybersecurity crisis — whether a significant breach, regulatory enforcement action, or the sudden departure of security leadership — the appointment of an interim CISO requires a fundamentally different approach than permanent leadership transitions. The interim CISO must simultaneously stabilise immediate threats, establish credibility with the board and executive team, and lay foundations for sustainable security improvement, all within a compressed timeline that typically spans ninety to one hundred and eighty days.

This paper presents a battle-tested framework developed through multiple interim CISO engagements across Tier 1 financial institutions, providing a structured approach to the first ninety days that has consistently delivered boardroom confidence and measurable security improvement. The framework is organised into three thirty-day phases: Assess and Stabilise (Days 1-30), Remediate and Build (Days 31-60), and Transform and Sustain (Days 61-90).

Phase one focuses on rapid situational assessment, including evaluation of existing security controls, team capability assessment, identification of immediate vulnerabilities and compliance gaps, and establishment of communication channels with key stakeholders. The paper provides specific templates for initial board presentations that establish credibility while managing expectations about timeline and resources.

Phase two addresses the most critical remediation activities identified during assessment, the establishment of security governance frameworks, and the development of a strategic roadmap that will guide the organisation beyond the interim engagement. Phase three focuses on building sustainable security capabilities, recruiting or developing permanent leadership, and transitioning from crisis management to strategic programme execution. Throughout all phases, the paper emphasises the critical importance of board communication, providing frameworks for translating technical security concepts into business risk language that resonates with non-technical executives.

  1. The Interim CISO Challenge
  2. Phase 1: Assess & Stabilise (Days 1-30)
  3. Rapid Security Posture Assessment
  4. Phase 2: Remediate & Build (Days 31-60)
  5. Security Governance Framework Design
  6. Phase 3: Transform & Sustain (Days 61-90)
  7. Board Communication Frameworks
  8. Stakeholder Management Strategies
  9. Transition Planning & Legacy
Kieran Sky

CISO & Strategic Cyber Consultant · CISSP, CISM, CRISC, CCSP

27 years securing financial services · Big 4 pedigree (Deloitte, PwC, EY, KPMG) · Zero breaches managing £500B+ in assets

https://www.kie.ie
