Critical Executive Leadership Book Review: Earning Trust and Driving Lasting Impact as a New CISO

Most leadership books in cybersecurity thrive on urgency. Everything is on fire, everything is critical, and you’re supposed to act fast or fail. JC Gaillard’s “The First 100 Days of the New CISO” pushes in the opposite direction and that’s exactly what makes it effective.

Instead of feeding the usual appetite for dashboards, crises, and quick wins, Gaillard argues for something far less glamorous: restraint. Sequence. Credibility. In a profession that often mistakes motion for progress, that’s a surprisingly grounded stance.

The book is built around a deceptively simple moment: the first 100 days in a new CISO role. Gaillard doesn’t treat this window as a sprint to prove your worth. He treats it as a test of judgment. Move too fast and you burn trust. Slow down, listen, and think, and you earn influence that actually lasts. That idea alone feels like a quiet rebuttal to a lot of modern leadership culture.

Structurally, the book is clean and easy to follow. The first six days are about listening and positioning yourself. The first six weeks focus on shaping the strategy. The first six months move into execution and embedding change. It all feels intuitive, yet it subtly challenges the expectation that leaders must make loud, visible changes immediately just to justify their seat.

Gaillard’s tone is calm and confident, but never preachy. You can feel the years of experience behind the writing, especially in the moments where he talks about failed transformations. He doesn’t romanticize cybersecurity work. One of the book’s strongest qualities is its honesty about politics. Security isn’t just about controls and frameworks—it’s about culture, power, incentives, and competing agendas. Ignoring that reality, Gaillard suggests, is how CISOs burn out.

There aren’t traditional characters here, but the organizations themselves feel alive. Boards, executives, and security teams show up as distinct groups with different priorities and pressures. Gaillard is particularly good at showing how a new CISO can navigate those tensions without becoming defensive, isolated, or reactive.

The pacing is intentional, almost slow by design. This isn’t a book you skim for templates or checklists. It asks you to pause. To think. The biggest shift it encourages isn’t tactical; it’s mental. Not “How do I fix security?” but “How do I earn the right to change it?”

While it’s clearly written for CISOs, the lessons land far beyond that role. Anyone stepping into a senior position involving risk, transformation, or governance will recognize the patterns Gaillard describes.

Quietly persuasive and refreshingly grounded, “The First 100 Days of the New CISO” feels less like a how-to guide and more like a compass. If you value credibility over noise, it’s a book worth keeping close.

Amazon link: https://www.amazon.com/dp/B0G1BLTC2L
