Writing on Security | Cybersecurity PMs

Outline Security
3 min read · Jul 21, 2023


In the opinion of this author, my first post sucked… it reads like bad marketing. The objective of this post is to help with finding my voice as a writer. Ideally it doesn’t read like corporate material but rather someone exploring what they do and don’t find interesting in cybersecurity, common issues, and occasionally some research? Anyways, here goes…

Program Managers for Security Teams

Program managers sometimes get a bad rep in tech, especially from security teams who are often bogged down in alerts, putting out fires, and keeping up with the latest technologies used by “move fast and break things” dev teams. The last thing these overwhelmed teams need is a non-technical person putting additional meetings on the calendar, creating painful Jira busy-work, and needing spoon-feeding of technical information.

However, I recently experienced the joy of having a good security PM assigned to our security organization. The clarity, business alignment, organization, and KPI reporting which a good PM creates have brought a unique clarity and motivation to my work.

Clarity

It’s easy to get caught up in day-to-day issues while working in security. A user complains about a tool you’re responsible for, alerts start coming in, a new technology your developers use catches your interest, and you maybe write some code working on a security automation project. Before you know it the workday is over and you wonder what you moved forward in the organization that day.

Those types of days quickly become exhausting, repetitive, and sometimes outright depressing. Having a good security PM will help define clear and actionable goals, which means that when you’re not firefighting you know exactly what you need to be doing in order to be successful in your role. It’s refreshing and motivating.

Business Alignment

Cybersecurity is a cost center for business. Coupled with the fact that reporting on security program metrics is hard, it can be very difficult for an IC or a security team to justify their business value.

Thankfully, as organizations worldwide begin taking security more seriously, security teams are increasingly in a position to be “business enablers”. Security programs can help companies quickly win new business and the trust of customers if they receive X certifications, can show proof of having X controls in place, or enable developers to move quickly & securely.

A good security PM is aware of business priorities and can help ensure security teams are working towards clear goals which align with business & security needs. Alignment with the business and engineering functions reduces unnecessary friction that is all too common with security work.

Organization

A security PM can help take these goals and break them down into sprints/tickets/TODOs or however your team organizes the work. While many security engineers can do this type of work themselves, having someone else asking questions, identifying organizational dependencies, and estimating work capacity can greatly help with planning and ensure realistic goals are set.

If cross-organization collaboration is required, a security PM can help communicate and coordinate with relevant stakeholders, allowing security engineers to focus on receiving productive feedback and their own work. This focus is much better than an endless cycle of wading through Slack conversations trying to find an engineer who will be receptive to helping the security team.

Metrics and Reporting

Security PMs can help teams define the metrics they need to report and help surface these reports to the right leaders. Security engineers often struggle with quantifying how they are impacting the business, but a good PM will have these metrics defined prior to commencing work on security initiatives.

This makes the annual questions of “why should we give the security organization more budget” or “why should we give team members a raise” much simpler to answer.

Summary

In summary, being assigned a good security program manager has been one of the biggest difference makers in my career. A thank you to security PMs is in order.

Otherwise, hopefully this blog post was better than the last. I will try to keep them coming as I think of more… things…
