What Should a Project Manager Know About Information Security?
Many information security jobs need candidates with strong project management skills in addition to technical skills. Effective project management is especially important where a lack of organization or planning could mean a compromise of data.
But what is information security and what do project managers need to know about it? Information Security (IS) is defined as the preservation of confidentiality, integrity and availability of information by the International Organization for Standardization (ISO) while the Information Systems Audit and Control Association (ISACA) explains that information security ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability).
By understanding the information security practices of confidentiality, integrity and availability, project managers can help to ensure that their projects do not introduce their organization to unneeded risk or expense.
Join the May Pittsburgh PMI Chapter meeting where we will welcome a panel of industry experts who will answer your questions about working as a project manager in information security.
Dr. Stephen Larson
Dr. Stephen Larson spent 18 years in industry before getting a PhD in 2011. His project management experience consists mostly of IT/IS projects in the US and Japan that range from small, short projects to leading a 38-member multinational project team on a 1-year IT transformation and archival project for a major pharma company in Japan. He currently teaches at Slippery Rock University and has a CISSP certification.
John Franolich has 20 years’ experience helping plan and implement security projects. John worked as a contractor for the government, a hospital, a large law firm, an open access research university, a global manufacturing corporation, financial and in retail. Some projects he has worked on ranged from moving to the cloud to moving back to on premise. John has worked with four managed security providers to plan and provision security operation centers including bringing a SOC in house saving the company one thousand dollars a day. Other successful projects John has engaged in is securing artificial intelligence and data science implementation in Azure using The Agile Method. John works for Bayer conducting threat modeling and evil user stories with medical devices and securing AI in GCP. John has a master's degree in Information Assurance from The University of Pittsburgh and holds a GIAC Cloud Security Automation Certification (GCSA). He was President of the ISC2 Pittsburgh Chapter for six years and has taught security in a university setting since 2010.
Doug Salah is a passionate and seasoned cybersecurity leader. He has worked in IT for Wabtec over the past 23 years building the network and cybersecurity teams. He has been instrumental in developing the IT department as Wabtec grew from 1,200 employees in 1998 to over 30,000 in 2021. Doug is active in the Pittsburgh cybersecurity community serving as Advisory Chair for ISSA Pittsburgh, Pittsburgh CISO Governing Body, CISO Coalition National Leadership Board, Pittsburgh Infragaurd and the FBI Citizens Academy.
Amy joined Vaco with 13 years of experience as a branch manager with equal responsibilities in business development, professional services, information technology, industrial engineering, and accounting and finance. Amy has built and managed two national firms while mentoring and developing many of Pittsburgh’s top talent in staffing. Prior to that, Amy spent 10 years in various business development roles within the IT and banking industry in the New England area.
In Amy’s free time, she enjoys hanging out with her kids and cheering them on at all of their softball games, cross country meets, concerts, soccer matches, and football games.