The Convergence of Project Management and Cyber Security

Cyber security initiatives involve complex layers of technology, policy, and compliance that often span multiple departments and stakeholders. Traditional security models—once siloed and heavily IT-driven—are no longer sufficient. This is where project management steps in as a bridge between technical teams, executive leadership, and compliance officers.

Cheyanne Mallas emphasizes the importance of clear communication, structured milestones, and stakeholder alignment. “Cyber security isn't just a department—it’s an organizational culture. My job is to ensure that every part of the company moves in sync toward securing its digital assets,” she explains.

Initiating the Project: Defining Scope and Risk

Every successful cyber security project starts with a well-defined scope. This involves identifying key business assets, understanding potential threats, and analyzing current vulnerabilities. As Mallas notes, “Scoping is not just a technical discovery—it’s about understanding what matters most to the business and what the organization can’t afford to lose.”

At this stage, risk assessment plays a crucial role. Project managers collaborate with CISOs and risk officers to evaluate the impact and likelihood of various threat scenarios. This risk-based approach helps prioritize efforts and allocate resources more efficiently.

Planning: Building the Roadmap to Resilience

Once the scope and risks are defined, detailed planning begins. Cheyanne Mallas adopts a hybrid approach, combining traditional Waterfall methods for high-level strategic planning with Agile frameworks for implementation phases. This ensures adaptability without losing sight of long-term goals.

Key elements in the planning phase include:

• Resource Allocation: Assigning roles to team members with the right blend of technical and analytical skills.

• Budget Management: Balancing cost control with the need for up-to-date tools and skilled personnel.

• Timeline Development: Establishing clear deadlines for penetration testing, system audits, policy updates, and training rollouts.

• Compliance Mapping: Aligning tasks with standards like GDPR, NIST, or ISO 27001.

“Project plans in cyber security must be flexible, but not vague. The threats evolve fast, so our response strategy must be agile enough to pivot, yet structured enough to stay accountable,” says Mallas.

Execution: Coordinating Action Across Teams

Execution is where planning becomes reality. From deploying endpoint security solutions to conducting employee phishing simulations, the project manager ensures that all moving parts operate in harmony.

Cheyanne Mallas highlights the importance of cross-functional coordination. “A vulnerability patch may start in the IT department, but its effectiveness depends on user adoption, training, and ongoing monitoring. That’s why we maintain continuous alignment through daily standups, weekly reviews, and real-time dashboards.”

Regular communication is vital. Mallas relies on tools like Jira, Confluence, and Microsoft Teams to track task progress, manage dependencies, and facilitate transparency among stakeholders.

Monitoring: Ensuring Compliance and Performance

Project management in cyber security doesn’t stop at implementation. Monitoring performance, detecting anomalies, and ensuring compliance are ongoing responsibilities.

Key Performance Indicators (KPIs) such as mean time to detect (MTTD), mean time to respond (MTTR), and compliance audit scores help quantify success. Cheyanne integrates these metrics into project dashboards to provide stakeholders with continuous visibility.

“Data-driven decisions are crucial,” she notes. “If a particular control isn’t reducing risk as expected, we want to know right away and adjust our approach.”

Closing the Loop: Post-Implementation Reviews and Knowledge Transfer

The closeout phase in cyber security projects involves more than ticking off a checklist. It’s about institutional learning. Cheyanne Mallas conducts thorough post-mortem reviews to capture lessons learned, document challenges, and refine protocols for future projects.

She also ensures that documentation is thorough and accessible, enabling knowledge transfer across teams. “What we learn today informs how we protect tomorrow. Every completed project is a building block for better security maturity.”

The Human Element: Training and Culture

One of the most overlooked aspects of cyber security is the human factor. According to Mallas, “You can implement world-class technology, but if users aren’t aware of phishing risks or password hygiene, the entire system is at risk.”

As part of her project plans, she incorporates regular training modules, simulated attacks, and employee engagement strategies to build a security-first culture. These efforts pay off by reducing accidental breaches and improving the overall threat landscape.

Final Thoughts: Leading with Structure and Agility

Cyber security threats are not slowing down. In fact, as digital transformation accelerates, so does the attack surface. The role of a project manager in this space is more critical than ever.

With leaders like Cheyanne Mallas applying rigorous project management principles to cyber initiatives, organizations can transform their approach from reactive to proactive—building resilience through structure, agility, and strategic foresight.

As Mallas aptly puts it: “In cyber security, the goal isn’t perfection—it’s progress, awareness, and the ability to adapt quickly. Project management is how we get there.”