Building a Cyber Security PMO

Ravi Narsipur, Director Cyber Security & Risk Management at United Technologies

1. PMOs within IT departments run the gamut from being tolerated to being loathed. A good, well-run PMO should integrate seamlessly into an organization and provide a standard process and methodology for implementing projects, giving transparency and visibility.

2. An argument can be made that Cyber Security departments within organizations should embrace the idea of having a PMO. Cyber serves an important function within an organization by protecting it from malicious actors and reducing exposure to risk. Given the current climate, organizations need to protect themselves from these threats. The nature of the work is such that it impacts every aspect of an organization. Cyber security has a people, process and technology impact across an organization. The threat landscape a company faces is constantly changing, and the cyber department has to be able to stay on top of it.

3. Why are Cyber Security projects important? They are important because they reduce the organization’s exposure to risk and are geared towards protecting the organization. Though most organizations consider security important, they don’t want to be involved and look upon the work as a necessary evil. The general attitude is: please protect us, as long as it does not cost us anything and does not impact our work; please minimize the impact on us and get on with it. This creates an environment where Cyber projects are done in isolation, whether they are Patch Management, Zero Trust or implementation of MFA. This puts pressure on the Cyber department to communicate and educate more about why such projects are needed. Cyber Security projects impact an entire organization. Activities such as these are vital for the protection of an organization. Putting them under the umbrella of the general IT PMO results in them competing for resources among other priorities and not being given the attention needed. It is much more enticing for the IT department to implement the latest and greatest tool or hardware rather than perform routine vulnerability scans followed by patch management.

4. Well then, the question can be asked: why does Cyber Security need a separate PMO? For one thing, Cyber Security should be treated as a separate entity and not bundled within general information technology. How will a separate PMO help a Cyber Security organization? Though most Cyber projects are unique in nature, they can use the rigors of project management methodology. Using a standardized project management methodology, whether Agile or Waterfall, in Cyber projects will make the projects data driven and therefore provide a greater amount of transparency to an organization. To a great degree, having a PMO within the Security department will allow for direct involvement of stakeholders from different areas of the organization. It will make the effort more transparent while demystifying Cyber security for the larger audience. Most people feel that Cyber security is clouded in mystery. Most often they are afraid and view Cyber security as a dark science that revolves around hackers, the dark web and so on, a view largely driven by what the media say. Titles such as Zero Trust also create an aura. Activities such as systems patching or ensuring cleanup of over-entitlement are examples of routine tasks that have significant organizational implications. In such efforts everyone in the organization is affected. It is part of Cyber Hygiene. Efforts such as these can be large, cumbersome and very mundane. Leveraging a Cyber-specific PMO for such work will help in implementation.

5. Are Cyber Security projects that different from other projects? The answer is no. Due to the nature of the work, most projects within Cyber Security impact other areas. A Cyber-specific PMO will allow for building a process and a methodology specific to Cyber security. It will allow stakeholders outside the department to be involved and ensure that Infrastructure and Applications have a stake. Communication is one of the key areas where a Cyber PMO will be very effective, given that Cyber security is something most people within an organization do not really understand. Having a centralized location for project management, stakeholder communication, status reporting and general awareness will greatly enhance visibility of the work. It will help improve adoption and increase education. The Cyber PMO can also be leveraged to help with training and awareness of Cyber security across the organization. It can integrate with other IT PMO functions and build Cyber Security into their specific projects. Such an organization will allow greater transparency and in the end help with the protection of the organization and help reduce risk, which is after all what Cyber Security should be doing.
