Cheyanne Mallas Reshaping Cybersecurity Project Management

Cybersecurity has always been a dynamic field, but the pace of change today is unprecedented. As new technologies emerge and threat actors grow more sophisticated, the role of cybersecurity project management is evolving from tactical oversight to strategic leadership.

Cheyanne Mallas, a seasoned expert in the discipline, believes the next five years will fundamentally redefine how security projects are conceived, managed, and measured. In this analysis, she outlines the five trends she sees as most transformative—and how organizations can adapt.

1. Security Will Be “Baked In” from Day One

For years, security has too often been an afterthought in digital initiatives. A product would be designed, built, and deployed—only for the security team to be brought in later to “harden” it. Mallas predicts that this reactive model will finally give way to security by design.

“In the future, every project—whether it’s a new app, a cloud migration, or a data analytics rollout—will have cybersecurity considerations integrated from the very first planning meeting,” she says.

This shift means cybersecurity project managers will work more closely with product owners, developers, and business analysts. It also requires broader skill sets: an understanding of secure coding practices, data privacy requirements, and threat modeling during the design phase.

Implication: Organizations will need project managers who can navigate both traditional PM disciplines and the DevSecOps pipeline.

2. The Rise of Adaptive and AI-Driven Security

The days of static security controls are numbered. Mallas foresees a future dominated by adaptive security systems that use artificial intelligence and machine learning to respond to threats in real time.

Instead of relying solely on predefined rules, these systems will continuously learn from network behavior, detecting anomalies and adjusting defenses on the fly. Cybersecurity project managers will need to understand:

• How to select and implement AI-enhanced tools

• How to integrate them with existing monitoring systems

• How to avoid pitfalls like algorithmic bias or false positives

“AI can be a force multiplier for defenders,” Mallas says, “but it has to be deployed with transparency and strong oversight.”

Implication: Project managers must balance innovation with governance, ensuring AI tools enhance security without introducing new risks.

3. Regulatory Complexity Will Multiply

From the EU’s GDPR to the U.S.’s sector-specific regulations and new privacy laws in Asia-Pacific, the compliance landscape is already challenging. Mallas expects it to grow more fragmented and demanding.

“Regulatory compliance won’t just be a box to tick—it will be a continuous, multi-jurisdictional effort,” she explains.

Cybersecurity projects will increasingly involve legal and compliance teams from the start, and project managers will need fluency in both security frameworks and regulatory requirements. The ability to harmonize compliance efforts across geographies will become a valuable skill.

Implication: Organizations should invest in compliance-aware project management processes and training to keep pace with evolving laws.

4. Third-Party and Supply Chain Security Will Dominate the Agenda

The SolarWinds attack and similar breaches have made it clear: an organization is only as secure as its vendor ecosystem. Over the next five years, Mallas predicts that supply chain security will move from a niche concern to a top-tier project priority.

Cybersecurity project management will need to account for:

• Vendor risk assessments during procurement

• Contractual security requirements in vendor agreements

• Continuous monitoring of third-party systems

• Incident response plans that include external partners

“Your defense perimeter doesn’t end at your firewall anymore—it extends into every partner, supplier, and contractor you work with,” Mallas warns.

Implication: Vendor risk management will be built into the core phases of security projects, not handled as a separate audit.

5. Cultural Resilience Will Be the Ultimate Security Metric

While technology will advance rapidly, Mallas insists that human factors will remain the most important element of cybersecurity.

“You can deploy the most sophisticated tools in the world, but if an employee clicks the wrong link or ignores a policy, you can still be compromised,” she says.

She believes that measuring cultural resilience—the ability of an organization’s people to recognize and respond to threats—will become as important as tracking technical vulnerabilities. Cybersecurity project managers will need to integrate ongoing training, simulations, and awareness campaigns into every initiative.

Implication: Metrics will expand beyond system performance to include employee engagement, simulation results, and policy adherence.

How Project Managers Can Prepare for These Shifts

According to Cheyanne Mallas, the future of cybersecurity project management will demand a blend of strategic foresight and operational agility. Her recommendations for professionals in the field include:

1. Broaden Your Knowledge Base – Learn about AI, secure software development, and emerging compliance frameworks.

2. Build Cross-Functional Relationships – Work closely with developers, legal teams, and operations from the start.

3. Develop Vendor Oversight Skills – Treat supplier security as a core PM responsibility.

4. Measure Culture – Incorporate human behavior metrics into project success criteria.

5. Stay Agile – Adopt iterative planning methods that can adapt to sudden changes in threats or regulations.

The Strategic Role of Cybersecurity Project Management

Mallas emphasizes that as these trends converge, the role of the cybersecurity project manager will be elevated.

“We’re not just overseeing deliverables anymore—we’re helping shape the organization’s ability to survive and thrive in a threat-driven world,” she says.

In her view, cybersecurity PMs will increasingly act as strategic advisors, translating between technical, business, and regulatory worlds while ensuring projects deliver real, measurable risk reduction.

Conclusion

The next five years will bring a seismic shift in how organizations approach cybersecurity projects. From embedding security into every initiative to managing AI-driven defenses and complex global compliance requirements, the demands on project managers will grow more diverse and more strategic.

Cheyanne Mallas is confident that with the right skills, frameworks, and mindset, cybersecurity project managers can not only keep pace with these changes—they can lead them.

In an environment where threats are constant and consequences are severe, the ability to manage security as a strategic, integrated business function will be a decisive advantage. And for Mallas, that’s not just a prediction—it’s a mission.