Investigation of industry and product threat landscape, regulations

Security evaluation of products, development and delivery infrastructure

Identify sensitive assets, threats, vulnerabilities

Evaluate existing security measures and identify gaps

Risk assessment and triage, evaluation of risk management process efficiency

Identify security strategy to gain market and customer trust, and sell products/services

Identity regulatory compliance and business continuity needs

Deliver a business-focused security roadmap: 12-18 month out

Evaluate existing tools, processes, engineering skills, resources, and identify gaps against roadmap

Identify hiring needs or establish domain specific OKRs