Project management is another one of those critical skills that is not often considered for an information security employee. Many of us run from one fire to the next, and we often do not have much time to work on projects of our own.

In some, rare, cases, we are invited to sit on a project team that is assembled to address an IT problem, but even if that is the case, we usually don't get included until the project is already well on its way.

However, that's not the point that I am trying to make!

One of the things that I need to explain regularly is that the project manager's task is to provide the logistics for the project team. In other words, the project manager doesn't get to decide when things should happen, or how tasks should be executed.

His task is that the actual project staff can do their work as effectively and as efficiently as possible. The PM does so by making sure that they have what they need, and that they are not bothered with details that distract from the tasks at hand. To do so, the PM shields the project team from unnecessary and unauthorized scope changes, and he makes sure that "stuff" is ready when needed.

Of course, the PM must watch the timeline, the budget, and the nature of the deliverables. But, that goes without say.