Professional development

Cybersecurity project manager: Is it the career for you?

Kimberly Doyle
May 10, 2021 by
Kimberly Doyle

A career in cybersecurity has a lot to offer, including a fast-paced work environment with upward mobility fueled by the field’s growing prioritization in board rooms around the globe. Whether you’re looking to advance your current cybersecurity career or considering a switch of industries all together, a cybersecurity project manager could be the perfect fit.

The Project Management Institute (PMI) defines project managers as change agents. “They make project goals their own and use their skills and expertise to inspire a sense of shared purpose within the project team.” Glassdoor ranks the role of project manager #32 on their Top 50 Best Jobs in America in 2021.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Now add cybersecurity to that title and you’ve got the allure of cool new tech and rising responsibility as executive teams look to IT for defense against cyber attackers who increasingly wage costly war on organizations of all sizes, in every industry. 

What is a cybersecurity project manager and what does it take to thrive in the job? Jackie Olshack, PMP, a longtime cybersecurity project manager says it comes down to managing risk. “I work to ensure my organization’s critical infrastructure, their assets, things that are critical to the organization’s survival has security built in, preferably from the very beginning.”

Day in the life of a cybersecurity project manager

Project managers work in every type of organization to resolve activities into documented, monitored and controlled tasks. On-time and on-budget are always the goals. For cybersecurity, it’s no different. 

Cybersecurity project managers work to resolve activities that are designed to reduce risk that could be exploited by hackers and help the organization thrive. That may mean overseeing vulnerability management projects, or the need for security patches to be applied in a timely manner. Or, if your organization accepts credit cards, compliance calls for a wide range of requirements to be met and therefore managed. If your organization handles personally identifiable information (PII), you need to take certain steps to ensure that information is always protected.  

Olshack is a cybersecurity project manager for her organization’s Identity Access Management (IAM) efforts, which is all about making sure the right people have the right access to the right resources at the right time.

Security tools, while mission-critical, can also be costly. Leadership wants to know they work as intended so it’s the job of a cybersecurity project managers to “constantly track [IAM] progress, show value and demonstrate ROI,” Olshack says.

What does it take?

Cybersecurity project managers are problem solvers. The dominant trait among most successful people in this role is an ability to navigate seemingly constant change. Because along with change often comes stress, the ability to manage projects and people through stressful times is also important. There are many moving people, parts and processes that come with any one project and ensuring they all move forward together, even during times of uncertainty, is key.

While a computer science or engineering degree isn’t required to work as a cybersecurity project manager, there are numerous cybersecurity project management certification opportunities that will help you get your foot in the door. Some are for project management and others are for IT and security. Both can be beneficial.

PMI offers the Project Management Professional (PMP) certification which provides a methodology and a framework for managing projects successfully. It demonstrates you have the technical skills to manage a project, and a dedication to excellence.

IT Infrastructure Library (ITIL) certification highlights your abilities to manage the IT lifecycle while aligning it with the business. It’s a framework for effective digital service delivery, including best practices for disciplines that include IT Service Management or IT Asset Management.

Certified Information Security Manager (CISM) is a security-specific certification from ISACA that demonstrates your ability to handle a wide array of infosec issues. 

From CompTIA, Security+ certification is another infosec option. It validates basic security skills so you can more effectively navigate your team’s scope of work and understand the potential pitfalls.

According to Olshack, who came from a non-IT, non-project management background, both types are helpful. They helped her understand the function of project management, IT and security service, industry lingo and general thought processes used when approaching new work. They also give her credibility among the teams she works with every day.

Bright future

Like other cybersecurity disciplines, the project manager has a defined career path. At its core, they manage projects. At a more advanced level, the management of other project managers is handled by program managers. There are also functional cybersecurity project managers that both manage an on-time, on-budget project delivery while they also perform some of the work. More advanced technical knowledge is required of course for this role, and it usually represents an increase in compensation over those that don’t project manage.

In larger organizations, you will likely find a Project Management Office (PMO) with a cybersecurity committee. This is where the cybersecurity project manager fits in, alongside those that manage other organizational projects such as engineering, product development and other functional departments. Rather than staffing cybersecurity project managers, some smaller companies will assign standard project managers to cybersecurity needs, as they arise.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Regardless of your chosen path, the future for cybersecurity project managers is bright. Many work from home full time, as Olshack has always done, and feel rewarded about the contribution they are able to make to the security of their organization.

“I’ve met so many smart people in my role, she said. “I’ve learned what it takes to run an organization’s security. Our entire team feels great compassion for those companies that we hear about on the news, who have been breached. We talk it out because, at the end of the day, we’re all trying to make sure cyberattacks like Solar Winds don’t happen to us.”

That’s the other plus to being a cybersecurity project manager – in a backwards sort of way. Hackers will always hack. And that equates to both job security and constant challenge.

To learn more about what it takes to become a cybersecurity project manager, watch our Cyber Work Podcast, Project management in cybersecurity with guest, Jackie Olshack, PMP. 



Project Management Institute, Who are Project Managers

GlassDoor, 50 Best Jobs in America for 2021

Kimberly Doyle
Kimberly Doyle

Kimberly Doyle is principal at Kimberly Communications. An award-winning corporate communicator and content strategist, she has focused on enterprise technology for more than a decade. Her consultancy has led her to support in-house corporate communications teams for numerous technology goals including cybersecurity, SaaS and cloud management, data exchange, enterprise pricing and business analytics.