// the first year

What I'd do in my first year as your IT leader.

This is the plan I'd walk into a hiring conversation with. I don't show up and rip things out. Teams build great things under real constraints, and that work deserves respect. The first stretch is listening. Then we reset the operating model together, ship the first wins employees actually feel, harden the security and GRC backbone, and bring AI in deliberately once the foundation is ready. Every time I've done it in that order, it's held.

// the principles

IT as a product.

Operating frame

IT as a product, employees as users, paved roads over policy decks.

Security stance

GRC and corporate security are enablers. Strong controls, never the team that says no.

People posture

Empathy first. Diverse teams, real growth, humans showing up where humans matter, like onboarding, escalations, and anything sensitive.

Phase 01Days 0–60

Listen, learn, and respect what's been built

Walk in assuming the team has done good work under real constraints. Sit with the people who use IT every day, the engineers we partner with, security and GRC stakeholders, and the executives whose goals we exist to support. Map what's actually happening and why before I propose anything change.

1:1s with every team member, plus partners in Eng, Security, People, Finance, and Legal
Ride-alongs in the queue: onboarding, access requests, incidents, audit asks
An assessment of the current operating model: what's working, what's painful, what to protect

Phase 02Days 60–120

Stabilize and align on the operating model

Fix the few things that are actively eroding trust, and align the team on a shared operating model. IT as a product. Employees as users. Security and GRC built in. Changes made with the team, not to the team.

Triage and SLA reset on the top employee pain points (access, devices, onboarding)
Team charter, on-call rotation, and intake model documented and agreed
Baseline metrics live: queue health, time-to-productive, automation coverage, control posture

Phase 03Days 120–210

Ship the first wins employees feel

Pick two or three high-leverage projects that prove the new operating model in production. Real architecture, real controls, real outcomes. Something employees feel in week one and leadership can point to in the next board update.

Joiner / mover / leaver automation tied to HRIS with a clean audit trail
Self-serve access in Slack for the most-requested apps, with approvals routed through systems of record
An employee-facing changelog so people see IT shipping, not just responding

Phase 04Days 210–300

Harden the security and GRC backbone

Make controls continuous instead of seasonal. Vendor and AI risk handled in the same fabric as the rest of corporate security. The team stays an enabler with strong controls, never the team that says no.

Continuous SOC 2 / ISO control monitoring across identity, devices, and SaaS
Vendor review and trust-center workflow that cuts diligence cycles meaningfully
Internal AI usage standard: approved models, identity-aware access, logging, spend visibility

Phase 05Days 300–365

Adopt AI deliberately and scale the function

With the foundation stable and controls in place, bring AI in where it earns its keep: deflecting the routine layer of work like password resets, access lookups, status checks, questionnaire drafts, and knowledge search, so the team can show up as humans on the moments that actually need one. Invest in the people already on the team. Hire deliberately for diverse perspectives and craft. Position Corporate Engineering and IT as a place strong engineers want to work.

Reviewed AI agents in production for support, knowledge, and security questionnaires
The team ships small internal tools, scripts, and Workflow nodes with AI assistance instead of waiting on the engineering backlog
12-month roadmap and hiring plan agreed with Eng, Security, Finance, and People
Career frameworks, growth paths, and an internal reputation shift: IT and Security seen as partners that help the business move faster

// the offer

This plan, tailored to your company, on day one.

The phases above are a starting point, not a script. Bring me into a hiring conversation and I'll walk in with a version of this plan written for your stack, your stage, and the specific problems your team is trying to solve.

Start a conversation Read the manager README