Lori Keller (Access Point Consulting) | Project management’s role in cybersecurity

Cybersecurity projects don’t just require technical expertise—they demand structured planning, risk management, and coordination across teams. Lori Keller, a practitioner in cybersecurity project management, joins CyberWatch to discuss how strong project management practices drive security success.

Why Project Management Matters in Cybersecurity

Project management is often seen as a logistical function, but Lori argues that it’s critical for achieving security outcomes. “Security projects must meet compliance requirements like PCI and HIPAA, but they also need to be executed efficiently. Good project management ensures that happens,” she explains.

Managing a cybersecurity project isn’t just about timelines and budgets. It requires:

• Understanding security frameworks – Compliance mandates shape how projects are planned and executed.
• Facilitating communication – Project managers bridge the gap between leadership, technical teams, and compliance officers.
• Ensuring proper documentation – Security initiatives must be provable through records and audit trails.

Security by Design vs. Security as a Bolt-On

Despite industry-wide pushes for "secure by design," Lori notes that cybersecurity is still often bolted on as an afterthought. “Threats evolve so fast that even with careful planning, security elements get added in response to emerging risks,” she says. This means that cybersecurity project managers must be flexible, balancing long-term security roadmaps with urgent remediation efforts.

How to Manage a Cybersecurity Project

When starting a security project, Lori emphasizes structured requirements gathering:

1. Define the problem clearly – What risk or compliance requirement is driving the project?
2. Assess constraints – What’s the budget, timeline, and resource availability?
3. Engage stakeholders early – IT, compliance, and business leaders all need alignment on goals.
4. Plan for risk – Anticipate potential roadblocks and document risk mitigation strategies.

A good project manager doesn’t just execute tasks—they facilitate conversations, ensure accountability, and provide leadership throughout the project lifecycle.

Pathways into Cybersecurity Project Management

Lori’s career began in IT, but she gravitated toward project management as technology initiatives became more complex. She encourages aspiring project managers to:

• Learn the fundamentals – Books like Bare-Knuckled Project Management provide a strong foundation.
• Engage with the community – Subreddits and professional groups offer real-world insights.
• Get hands-on experience – Start managing projects, even informally, to develop essential skills.

Final Takeaways

1. Good project management makes security initiatives successful. “It’s not just about tracking tasks—it’s about ensuring security is implemented effectively and on time.”
2. Cybersecurity project management is a dynamic and rewarding career. “If you love technology and solving complex problems, it’s one of the most fulfilling paths you can take.”

Listen to the CyberWatch podcast on Spotify and Apple Podcasts, or watch the episode on YouTube.