Sec PM · Domain 01/10

Security Program & Project Management

Production management for cybersecurity. The single highest-leverage path for someone who already produces.

No code required⏱ 6–12 monthsRemote Media transfer

01 · A realistic Tuesday

What the day actually looks like.

Mornings start with a 15-minute standup. Update tickets in Jira/Asana/Linear. Vendor calls — "Hi CrowdStrike, can we get the rollout schedule for the Lagos office?" — and chase signatures on DPAs. Mid-morning working session: rolling out MFA company-wide, prepping evidence binders for a SOC 2 Type II audit in Drata or Vanta, or coordinating a vendor-risk review. Afternoon: status report to the CISO ("3 risks rated High, MFA project 78% complete"), steering committee deck, budget reconciliation, tabletop scheduling email to legal + comms + IR. You write a lot. You rarely touch a terminal.

02 · Who hires

Where the work lives.

GoogleMetaMicrosoftAmazonCoalitionGitLabSnykHashiCorpOktaCrowdStrike

03 · Skills

What you actually need.

Technical

Jira / Asana / Lineartransferable
Identical to a production tracker.
Confluence / Notiontransferable
Documentation muscle is documentation muscle.
GRC tooling (Drata, Vanta, ServiceNow GRC)
Light cyber literacy: MFA, SSO, SIEM, EDR, vuln scanning
Agile / Scrum / Kanban / RACItransferable
Producers run sprints already, just under different names.
NIST CSF / ISO 27001 / NIST 800-53 (read-level)

Soft

Multi-stakeholder coordinationtransferable
Riding herd on DOP, sound, talent, locations = SOC, AppSec, IT, Legal, vendors.
Status reporting to executivestransferable
Production reports to exec producer = weekly status to the CISO/board.
Calm under deadline pressuretransferable
Crisis on set is incident-response coordination.
Budget trackingtransferable
Petty-cash reconciliation = project budget tracking.
Written claritytransferable

04 · Career ladder

The shape of the journey.

1
Project Coordinator0–1 yr
2
Security PM1–3 yr
3
Senior Security PM3–6 yr
4
Security Program Manager5–9 yr
5
Director of Security PMO8–14 yr
6
VP Security Operations / CISO track12–20 yr

6–12 monthsto break in

36121824

Note. Times reflect typical paths for someone with strong communication and 10–15 hrs/week of focused study.

05 · Salary explorer

What it pays.

Ranges are directional. Currency: USD · annual. The most achievable remote-first path of all roles in this roadmap. Last updated: 2025.

06 · Certifications

The cert sequence that won't bankrupt you.

CAPM

PMI

Project-management literacy without 36 months of prior PM experience.

Free starter

$300 · ₦450k

PSM I (Professional Scrum Master)

Scrum.org

Lightweight, no renewal fees, signals Agile fluency.

Recommended

$200 · ₦300k

Security+

CompTIA

Vocabulary baseline. Lets you sit in any cyber meeting.

Recommended

$404 · ₦606k

PMP

PMI

Take after 1–2 years experience. The gold standard for PM roles.

Eventually needed

$555 · ₦833k

PgMP

PMI

Senior-level. Only after several program-management years.

Nice-to-have

$1500 · ₦2250k

CISA

ISACA

Helpful for audit-adjacent program managers.

Nice-to-have

$575 · ₦863k

07 · Remote-friendliness

Working from Lagos, Abuja, or anywhere.

5/5

The single most remote-friendly cyber career. Lagos WAT covers EMEA business hours and overlaps US East mornings. Coalition, GitLab, Snyk, HashiCorp, Auth0/Okta and CrowdStrike all hire Africa-based contractors.

08 · Trade-offs

The good, the gritty, and who this suits.

Pros

+Highest creative-skills transfer of any cyber role.
+Strong remote-from-Africa market.
+Excellent salary trajectory.
+You build a network across every part of the security org.

Cons

−Always 'the non-engineer in the room' early on.
−Meeting-heavy.
−Bad orgs turn you into a glorified note-taker — interview the org, not just the role.

Personality fit

If you've ever held a production schedule together when three things broke at once, you can do this job.

09 · Watch this

Three to five hours that beat any cert.

Cybersecurity Program Manager — Salary and Skills You Need

Ken Underhill

Why watch. Direct walkthrough of the role and pay bands.

Day in the Life — Cyber Security GRC (work from home)

UnixGuy

Why watch. Realistic remote rhythm of an adjacent role.

Ricardo Vargas — 5 Minutes Podcast

Ricardo Vargas

Why watch. World-class PM thinking in five-minute hits.

10 · Next step for this path

Do this by Friday.

This week: translate one past production credit into a security-PM bullet on your LinkedIn (e.g., 'Coordinated 14-person crew across 3 locations on a 4-week shoot' → 'Coordinated 14-person cross-functional team across 3 locations on a 4-week production'). Apply to one entry-level Security PM role at a Lagos fintech. That's it.