Site icon IT World Canada

Successfully managing Cybersecurity projects in the Age of AI

Managing cybersecurity projects in the age of AI has become more demanding. The stakes are higher. The cost to recover from a successful cyberattack is typically millions of dollars. The damage to reputation is significant but difficult to estimate.

In the age of large language models (LLMs) and generative AI, organizations must confront the security implications associated with these powerful technologies. Widespread attacker adoption of these technologies requires heightened responses to:

On a more positive note, adding LLMs and AI features to your cybersecurity defences can strengthen your organization’s defences against cybercriminals and keep its data safe.

Here’s a list of topics cybersecurity project managers should address with their teams in their project management plan to ensure a successful cybersecurity project.

Project management best practices apply

Cybersecurity projects, with or without an LLM and AI, are not different from other IT projects. Sometimes, project teams convince themselves that cybersecurity projects are so profoundly technical that specialized individuals should be let loose to deliver them and that project management best practices don’t apply.

Don’t fall into this trap. Some cybersecurity deliverables are deeply technical. However, that’s a reason to emphasize project management best practices, not abandon them.

Data scientists require management

Your data scientists will be valued members of the cybersecurity project team. However, as their name states, these individuals are scientists, not IT professionals. Their culture, education, work practices, organization expectations, attitudes, and reward systems differ from those of IT professionals. These differences can lead to conflicts and performance frustrations.

Project managers can mitigate these risks by coaching data scientists to:

 

Cybersecurity project risks

Project managers face the usual project risks plus a few new ones when managing cybersecurity projects. The risks include:

Project scope risks

To dramatically reduce cybersecurity risks, anxious stakeholders often push the cybersecurity project team to deliver an ambitious scope that exceeds the organization’s skills and budget. The project team can reduce anxieties and facilitate a more factual discussion to refine the scope by:

Project team skills and experience risks

Cybersecurity and AI/ML skills and experience are in demand as most organizations seek to raise their defences and reduce risks. Every recruiting website is overflowing with job postings. This situation will make it difficult to staff your project team with the desired skills and experience.

Your staffing risks can be addressed by:

LLM vendor and software risks

Most organizations will license a vendor LLM and supporting software to raise their cybersecurity defenses rather than build their own LLM and supporting software.

The project team can thoroughly evaluate the functionality of shortlisted LLMs and related software to reduce the risk of contracting for an inadequate or inappropriate LLM. Please read the article below for an extensive discussion of evaluation criteria to compare LLMs for your project.

Project managers will carefully reduce expectations with their project sponsors and stakeholders because difficulties will arise with such immature software.

 

Software stability risks

The AI- and ML-enhanced cybersecurity software vendors offer is brand new and has not been tested rigorously. The paint is likely still drying. Vendors are working overtime to add functionality to their products as LLMs advance rapidly. To mitigate the risks of basing your project on unstable software, the project team should:

Software customization risks

Don’t customize cybersecurity software packages. It’s expensive and problem-prone. The biggest cost is re-applying the customizations for each new software version the vendor provides. This risk can be addressed by:

Do not confuse configuring software with customizing software. Configuring software involves setting values for variables the software package offers to tailor its operation. Customizing software is about writing and integrating new source code into the software package.

Management expectations risks

Senior management expectations for project costs, functionality and elapsed time often exceed available budget and organization capacity. This risk applies to cybersecurity projects because of management’s lack of familiarity with such projects. Project managers can narrow the gap between expectations and reality by:

Project managers and their teams can deliver successful cybersecurity projects by proactively adhering to project management best practices and mitigating project risks.

What ideas can you contribute to help project managers manage cybersecurity projects? We’d love to hear your opinion. You can share that with us below. Select the checkmark for agreement or the X for disagreement. In either case, you’ll be asked if you also want to send your comments directly to our editorial team.

Exit mobile version