Notes to my successor

1. As you sit down, take a look around. Like the desk? The view? Good. Enjoy it.

2. You will have roughly 30 days of goodwill if you’re humble enough. Use it wisely, mingle. Socialize. Schmooze.

3. About a month in, people will ask you for risk assessment. What they want is someone to make a decision for them. Yes, even CIOs. Don’t ask.

4. You have hopefully either read my InfoRisk Manager’s Handbook or brought your own RA methodology. Keep it SIMPLE!

5. 40+ page word document explaining risks in detail without giving clear and useful recommendations will not go far. Make it PowerPoint.

6. If you want things to get done, make it easy to understand in less than 1 minute per slide. Show you can manage risks by managing people.

7. Always manage upwards. Sometimes manage expectations. Never think you can manage downwards.

8. Someone will always question your risk ratings and treatment recommendations. Either you’re quick thinker or you prepare plenty of documentation.

9. Two months in, start blaming me for whatever is not there. By six months on your new job, stop blaming me. Take it on the chin.

10. If you think I didn’t leave you enough collateral to work on and continue what I started: look for an easier role.