A new Chief Information Security Officer (CISO) must establish a security-focused ecosystem in an organization by gaining a thorough understanding of the business and its industry, developing trust with leadership, recognizing the company culture, making security a team sport, and thinking and acting strategically. To build trust with the board, the CISO needs to align with current strategies, deliver on promised projects, and understand the business's goals. Understanding the organization's culture is also crucial for security practices to be adopted, and it requires shifting existing cultural norms towards openness and collaboration. The CISO must communicate clearly with employees at all levels, regardless of their position, and advocate for security as a benefit to the bottom line, not an operating expense.