Cheyanne Mallas: Rescuing a Cybersecurity Project on the Brink

The boardroom was tense. A mid-sized healthcare provider had just failed a compliance audit, and regulators had flagged major security weaknesses in their systems. Customer data was at risk, employee morale was sinking, and the CEO feared both reputational and financial fallout. The company’s cybersecurity project—meant to fix these very issues—was months behind schedule, over budget, and dangerously unfocused.

That’s when they called Cheyanne Mallas, a leader known for turning chaos into clarity through disciplined cybersecurity project management.

The Situation: A Project in Crisis

When Mallas arrived, the situation was grim:

• Scope creep had ballooned the project. Instead of focusing on core compliance requirements, the team had tried to overhaul every system at once.

• Poor communication left executives in the dark, IT staff overwhelmed, and employees confused about new policies.

• Technology sprawl resulted in three overlapping monitoring tools, none of which were fully implemented.

• Incident response planning was nonexistent, meaning a real breach could have been catastrophic.

In short, the project was teetering on failure.

Step One: Stabilize and Assess

Mallas’s first move was not to dive into solutions, but to stabilize the project. She conducted a rapid assessment:

• Interviewing stakeholders from every department

• Reviewing project documents and timelines

• Running a fresh compliance gap analysis

• Mapping technology tools against actual needs

Within a week, she presented her findings: the project had lost focus, and unless priorities were reset, it would never succeed.

“We don’t need to do everything at once,” she told the board. “We need to do the right things first—and do them well.”

Step Two: Redefine Scope and Goals

Mallas gathered the leadership team and redefined the project scope using SMART objectives. The new mission:

1. Achieve regulatory compliance within six months.

2. Reduce phishing vulnerability by at least 40% through employee training.

3. Develop and test an incident response plan before the next audit.

Other goals—like advanced AI monitoring or vendor security assessments—were pushed to later phases.

By narrowing the scope, she transformed an overwhelming project into a focused, achievable initiative.

Step Three: Rebuild the Team and Structure

Recognizing that security touches every corner of a healthcare provider, Mallas formed a cross-functional task force:

• IT for system upgrades

• Compliance officers for regulatory oversight

• HR for employee training

• Department heads to ensure adoption of new practices

Weekly meetings replaced sporadic updates. Roles and responsibilities were clarified using a RACI chart (Responsible, Accountable, Consulted, Informed).

For the first time, everyone knew who was doing what—and why.

Step Four: Prioritize Quick Wins

To build confidence, Mallas introduced quick wins:

• Rolling out multi-factor authentication for all executives within two weeks

• Implementing a password manager across staff

• Streamlining monitoring tools down to a single, integrated SIEM system

These visible improvements reassured executives and energized the team.

Step Five: Embed Culture into the Plan

One of Mallas’s key insights is that culture matters as much as technology. She launched a healthcare-specific training campaign, including:

• Phishing simulations tailored to the industry (fake insurance claim emails, fraudulent patient portal notices)

• Workshops for clinical staff on handling patient data securely

• Monthly security newsletters highlighting threats in plain language

Resistance began to melt as employees realized security wasn’t just an IT burden—it was part of their role in protecting patients.

Step Six: Incident Response Readiness

Perhaps the biggest gap was the absence of an incident response plan. Mallas designed a playbook that defined:

• Escalation paths for different types of incidents

• Roles for IT, legal, communications, and leadership

• Recovery timelines and containment procedures

She ran tabletop exercises simulating ransomware attacks and data leaks. By the second drill, the team had cut response time in half.

Step Seven: Continuous Monitoring and Reporting

Mallas emphasized transparency. She built a dashboard showing:

• Phishing click-through rates (falling steadily with training)

• Compliance progress (on track for the next audit)

• Incident response metrics (improving with practice)

Executives received weekly summaries, keeping them engaged and supportive.

The Turnaround: Measurable Results

Six months later, the healthcare provider passed its audit with no critical findings. Metrics told the story:

• Phishing vulnerability dropped by 55%

• Incident response readiness improved from “nonexistent” to “tested and functional”

• Technology costs were cut by eliminating redundant tools

• Employee engagement with training exceeded 90%

What had once been a failing project became a model of security transformation.

Lessons from the Rescue

The case highlights the principles that define Cheyanne Mallas’s approach:

1. Risk-first focus – Prioritize based on actual vulnerabilities and compliance requirements.

2. Scope discipline – Don’t try to solve everything at once.

3. Cross-functional collaboration – Security is everyone’s job.

4. Quick wins – Build momentum through early, visible progress.

5. Culture integration – Technology fails without employee buy-in.

6. Incident response – Plan and practice before you need it.

7. Transparency – Regular reporting keeps stakeholders engaged.

Conclusion

The fictional healthcare provider’s story illustrates a truth Cheyanne Mallas has proven time and again: cybersecurity projects succeed or fail based on management, not just technology.

By bringing clarity, discipline, and a people-first approach, she turned a failing initiative into a resilient program that safeguarded both compliance and patient trust.

For any organization facing the daunting challenge of securing its digital future, her methods are a reminder: strong project management doesn’t just fix problems—it creates lasting security and confidence.