I just got offered a new job.<p>I will report directly to the CISO (2 steps from CEO). I've never reported to someone like this before, and have primarily reported to a mid level manager.<p>What things should I keep in mind?<p>Thanks!
High level execs tend to have their attention torn in a million directions at once. This means that how you communicate with them can be very important.<p>1. Always provide context for what it is you’re bringing up and be specific. “Can we get your sign-off on the Foo project?” isn’t very helpful. This puts the burden is on them to context-switch, which they’ll almost certainly have to do in order to grok what you’re talking about. Better would be: “You probably remember how last month we discussed setting up Foo to protect against intrusions like the one detected in June against the Bar cluster. We’re almost done with the project and in order to meet the deadline we just need you to review and approve the BazQuux by Friday.”<p>2. Summarize. You probably could provide a 3-page writeup of the decision making process that went into choosing a vendor, for instance. Your exec probably doesn’t have time to read it. Instead, provide a few short bullets: “We evaluated vendors Foo, Bar, and Baz for the Quux project. Our recommendation is to use Baz for the following reasons: <insert 3 short bulleted sentences>. If an alternative is needed, Foo would also satisfy our critical requirements.” And then just be ready to provide more detail upon request.
At an executive level, knowing about a problem means you are accountable to resolve it.<p>Their job is to use their limited human attention and direction to effect constructive change and hold risk. Notifying them of a problem without a solution attached is the same as creating a problem for them.<p>Often the solution will be to make the source of that problem disappear. The only important things are ones they can do something about by directing or convening people to solve it.<p>Their priority is to maintain degrees of freedom in decision making, and always maintain their leverage in relationships to their stakeholders.
You don't need to understand the details of that as most of it will be invisible to you, but you do need to understand how your work supports the credibility of their commitments and doesn't force their decisions.