This study examines the multifaceted role of cybersecurity program managers through a survey of 50 professionals working in this domain. As organizations increasingly rely on technology, implementing comprehensive cybersecurity programs is critical for robust defenses, yet poses unique coordination challenges across complex initiatives. Program managers play an important role in guiding these efforts from planning through implementation, but their specific skills and attributes that define success have not been well explored. The research aims to address this gap by investigating the core competencies of effective cybersecurity program managers through a survey collecting both qualitative and quantitative data on responsibilities, skills, challenges, and best practices. The results indicate strong communication abilities combined with project planning and stakeholder management skills are vital for navigating organizational dynamics within this emerging management discipline. The findings offer guidance for structuring optimal cybersecurity program functions and selection criteria to strengthen defenses through strategic delivery. Further research in this area can help develop cybersecurity programs that effectively mitigate evolving threats.

Application security has become increasingly important as organizations digitally transform and rely more on software to operate. However, balancing security with competing development priorities like speed and new features presents ongoing challenges for program managers responsible for overseeing application projects. This study explored the perspectives of 10 cybersecurity program managers through interviews to understand their approaches to security governance and the common obstacles faced. Key challenges included pressuring developers focused on rapid delivery to also consider threats, limited security testing resources, and difficulty prioritizing among risks. However, establishing security requirements early in planning and integrating validation checks directly into workflows helped shift security left. Close collaboration between functions and leadership support for proper training and staffing also aided prioritization. While generalizability was limited, data saturation was reached on major themes. Establishing security guidelines upfront aligned with frameworks, yet deeper cultural changes may still be needed at firms resistant to oversight. Metrics and skills shortages also require attention. The research validated the pivotal role of program managers and provided insights into both barriers and effective practices, with implications for process improvements and leadership support to strengthen application defences.