Guide to Careers in Cyber Project Management
A central tenet of cybersecurity is that its practices should be applied to every component of an enterprise’s information technology (IT) and communications systems. Cyber project management is a focus area within cybersecurity that reflects this principle, as it represents a merger of operations and processes involved in traditional IT project management with systems and network security concerns.
Professionals in the field of cyber project management perform many of the same functions as IT project and program managers, overseeing the procurement, installment, and maintenance of hardware, software, mobile devices, and other components of an enterprise’s IT infrastructures while also ensuring the security of those infrastructures and compliance with relevant regulations pertaining to information and systems security. This may include deploying human, material, and financial resources to meet IT project benchmarks for a business, organization, or client, tending to supply chain issues, overseeing security audits and tests on project components, and/or working to maintain the operational capabilities and security of IT systems.
Cybersecurity project management is also a field in which professionals commonly serve as liaisons between technical and administrative personnel within an organization. In this way, cyber project management integrates and aligns information and systems security functions with broader enterprise aims and organizational imperatives.
Employment Opportunities in Cybersecurity Project Management
Cyber project and program managers are generally part of an organization’s larger IT and cybersecurity operations. They typically work in tandem with other cybersecurity specialists (penetration testers, risk analysts, legal advisors, system and database administrators, security officers, procurement managers) to manage enterprise IT systems while ensuring those systems meet designated cybersecurity standards. It is important to note that security and privacy standards often vary by industry and may require specific domain expertise.
In the healthcare sector, for example, entities are subject to Health Insurance Portability and Accountability Act (HIPAA) information privacy and protection regulations. Banks, financial service companies, and businesses that issue credit cards are subject to data security standards (PCI DSS) set by the Payment Card Industry Security Standards Council. On the other hand, defense industry contractors who conduct business with the federal government must adhere to Defense Federal Acquisition Regulation Supplement (DFARS) cyber and information security standards.
Thus, there are employment opportunities for professionals who have training in IT systems and cybersecurity project management throughout the economy, including in the banking and finance sector, in the healthcare industry, among manufacturing, retail, and technology companies, and in many other fields in which IT systems are an integral component and information security is an important concern. There are also opportunities in the public sector, among government agencies that rely on IT project managers who are trained in the principles and practices of cybersecurity, as well as with cybersecurity companies that provide cyber project management services to clients in the private and public sectors.
Among the designations that are common for those who work in this field are:
- Computer/Software Product Support Manager
- Cyber Program Manager
- Cyber Project Manager
- IT Project Manager
- IT Program Security Auditor
- Cybersecurity Technical Project Manager
Knowledge, Skills, and Abilities (KSAs) for Cybersecurity Project Managers
Cybersecurity project management requires technical knowledge of computer and information technology (IT) systems and their constituent parts, combined with managerial skills and the ability to oversee budgeting, personnel, and material resources. The specific KSAs needed to be a successful project manager in the field of cybersecurity depend on the types of projects that require management and oversight, as well as on the industry or sector of the economy in which a project manager is employed. For example, the IT infrastructure, information security needs, and regulatory compliance requirements for financial institutions differ from those in the healthcare sector.
As a result, the cybersecurity issues and IT project management concerns in the financial sector are not the same as those in the healthcare industry. Moreover, IT project management and cybersecurity measures in finance and healthcare differ from those employed by defense contractors and cybersecurity professionals working in retail or manufacturing. Despite the industry-specific nature of cybersecurity systems and IT project management, there are a number of fundamental proficiencies that have applications throughout the field of cybersecurity. These include a general understanding of IT systems and computer networks, such as hardware, software, databases, and other common components of cyber systems, and a knowledge of information security principles and practices.
In addition, cybersecurity project managers typically must be able to communicate effectively with both the business and technical sides of an organization, as well as with internal stakeholders and outside vendors. Managing cybersecurity projects, as well as IT projects in general, is a process that involves identifying and assessing IT and security needs, estimating costs, setting deadlines, mitigating short- and long-term risks, and following projects through to their completion. Thus, cyber project managers are commonly tasked with coordinating the actions and activities of internal IT staff and/or independent contractors in order to assure that existing cyber infrastructures are secure and operational, and to ensure that new components are properly provisioned and integrated into existing infrastructures without creating security gaps or undue risk exposure.
The National Initiative for Cybersecurity Education (NICE) maintains a Workforce Framework for Cybersecurity that lists dozens of KSAs for cybersecurity project managers. The sections below draw on the NICE Framework and on actual job listings for cybersecurity and IT project managers to provide an overview of some of the more common KSAs that are valued by employers in this field.
General Technical Knowledge
- Cloud-based technologies and information management systems
- Computer networking concepts and network security methodologies
- Cybersecurity functions, including encryption, access control, and identity management
- Enterprise information technology systems
- Import and export regulations regarding IT components, encryption technologies, information security software, and other cyber systems
- New and emerging information technology (IT) and cybersecurity products
- Processes for performing audits of information technology (IT) programs and projects
- Relevant portions of the Federal Information Security Management Act (FISMA), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes–Oxley Act, the Gramm–Leach–Bliley Act, and other federal and state laws and regulations pertaining to cybersecurity
Project Management Knowledge and Skills
- Ability to serve as a liaison between technical and non-technical employees and stakeholders
- Applying Capability Maturity Model Integration (CMMI) concepts to cybersecurity projects
- Budgeting, workforce planning, and overseeing the acquisition of necessary materials
- Experience managing multiple projects concurrently
- Negotiating operational-level agreements (OLAs) among IT systems stakeholders
- Understanding contract language and common supply chain management issues
- Technical communication and writing experience
- Tracking, coordinating, and prioritizing enterprise-wide IT and computer systems equipment and access needs
- General business acumen and experience with program staffing
- Strong written and verbal communication skills
- Team leadership and interpersonal skills
Training and Credentials in Cybersecurity Project Management
While cyber project management certainly requires technical training in cybersecurity concepts, computer networks, and the various components of enterprise IT systems, it is a profession that also draws heavily on business acumen and managerial expertise. There are several ways to cultivate cyber project management skills, including through on-the-job training and experience in IT systems management. Employers typically look for cyber project managers who hold a minimum of a bachelor’s degree and have one year or more of work experience on the IT side of business operations.
Bachelor’s, Master’s, and Graduate Certificate Programs in Cybersecurity Project Management
Students who are interested in cyber project management can prepare for a career in this field by majoring in business while also cultivating computer programming skills, or by majoring in computer science/information technology while also taking business courses. There are also many accredited colleges and universities that offer bachelor’s in cybersecurity degree programs. These programs can prepare graduates for entry-level work in the field of cyber project management.
Individuals who have already earned a bachelor’s degree can receive training at the graduate level in Master of Science (MS) degree programs in cybersecurity, digital forensics, and other cyber specializations, as well as in Master of Business Administration (MBA) programs that offer a cybersecurity specialization. Some MBA programs offer specializations in cybersecurity and project management and allow students to complete both while earning their degree.
There are also graduate certificate programs that give eligible students who hold a bachelor’s degree the opportunity to study cybersecurity and cultivate career-oriented proficiencies in one or two semesters rather than the four or five semesters that is common for a master’s program. These are all options that can prepare students for various types of careers in cybersecurity, including in the field of cyber project management.
Professional Credentials and Certifications in Cybersecurity Project Management
In addition to academic programs in cybersecurity, there are private for-profit and non-profit industry groups that offer certification and credentialing programs that can be helpful in gaining the skills needed for a career in cyber project management. For example, the SANS Institute, a private, for-profit information security training and credentialing organization, offers Global Information Assurance Certification (GIAC) programs in many cybersecurity specializations, including GIAC Certified Project Manager (GCPM). The SANS Institute also has training courses available in IT Project Management and other topics relevant to cyber project management.
Another credential that targets cyber project management skills is offered by the Security Industry Association (SIA). The SIA is an industry trade organization that provides education, training, and other support services for security professionals, including the Certified Security Project Manager (CSPM) certification, a credential designed specifically for cybersecurity project managers. This credential and other certifications related to cyber project management are listed below.
- Certified Security Project Manager (CSPM), offered by the Security Industry Association (SIA)
- Information Technology Infrastructure Library (ITIL) Managing Professional, offered by Axelos
- GIAC Certified Project Manager (GCPM), offered by the SANS Institute’s Global Information Assuring Certification (GIAC) program
- Project Management Professional (PMP), offered by the Project Management Institute (PMI)
Examples of Jobs in Cybersecurity Project Management
The examples below are meant to provide a representative overview of the types of jobs that are available in the field of cyber project management. The details for each example are drawn from actual employment listings.
Cybersecurity Technical Project Manager
- Primary Responsibilities: Manage multiple IT projects with cybersecurity goals in mind; prepare recommendations on cybersecurity initiatives; recommend staffing and quality improvement plans; and develop and present cybersecurity program status reports to senior management.
- Education: Bachelor’s degree in computer science, computer engineering, or a related field required; MBA preferred.
- Credentials: PMP certification preferred.
- Prior Experience: 8 or more years in IT/cyber project management or a related field.
- Technical Proficiencies: Experience with boundary and end-point protection intrusion prevention systems (IPSs), firewalls, anti-virus software, and email, web application, and cloud security tools and protocols.
- Other Attributes: Exceptional oral and written communication skills; and eligibility to obtain a Public Trust Security Clearance.
Cybersecurity Project Manager
- Primary Responsibilities: Manage the scheduling and delivery of cybersecurity services to clients; and coordinate resources across multiple organizations in order to align project requirements with business goals.
- Education: Bachelor’s degree or four or more years of relevant work experience.
- Credentials: PMP certification preferred.
- Prior Experience: None specified for applicants who hold a bachelor’s degree and meet other requirements.
- Technical Proficiencies: Familiarity and experience managing projects using both the agile and waterfall frameworks for project delivery; knowledge of identity and access management security protocols, and threat and vulnerability assessment methods; penetration testing; and experience working with PC and software applications, including Windows and Microsoft Office.
- Other Attributes: Excellent verbal and written skills for internal and external customer communications; problem solving skills; and the ability to negotiate effectively at all levels.
Cybersecurity Audit and Compliance Manager
- Primary Responsibilities: Develop and implement a comprehensive cybersecurity program; assure the security of technical and programmatic data; and design templates for cybersecurity systems that comply with federal cybersecurity controls, requirements, directives, and contractual requirements.
- Education: Bachelor’s degree in a relevant field.
- Experience: 10 or more years of experience in cybersecurity and/or systems engineering project/program management.
- Credentials: Certified Information Systems Security Professional (CISSP) credential or eligibility to apply for CISSP certification within six months of hiring required.
- Technical Proficiencies: Knowledge of US Department of Defense (DoD) security protocols and risk management frameworks, and proficiency with DoD Assessment & Authorization (A&A) tools.
- Other Attributes: Strong writing skills; strong verbal communication skills; technical writing experience; and adeptness at interfacing and working with government agency representatives and independent contractors.
IT Audit Associate Manager
- Primary Responsibilities: Support IT audits to ensure sound security principles are in place; identify opportunities to improve control practices; perform data analytics using AuditBoard; assist in the planning, execution, and reporting of security audits; and investigate cybersecurity incidents as needed.
- Education: Bachelor’s degree in business administration, information systems, or a related field preferred.
- Experience: Four or more years of internal audit department or IT risk advisory in cybersecurity or IT management.
- Credentials: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Security Systems Professional (CISSP) preferred.
- Technical Proficiencies: Experience creating dashboards or analyzing large sets of data using Tableau and Alteryx; familiarity with cybersecurity, privacy, and cloud computing concepts; and understanding of IT process and control frameworks.
- Other Attributes: Excellent written and verbal communication skills; ability to interact with employees at all levels of an organization, including members of senior management; detail oriented with strong organizational skills; and the ability to multi-task and meet deadlines.