IT Security & AI Project Management

Delivering secure projects, on time, every time.

Senior cybersecurity project management consultancy with over a decade of enterprise experience across healthcare, manufacturing, technology, and government environments.

Our Services About Our PMs
Security Project Lifecycle Initiation Scope & Charter Planning Risk & Schedule Execution Delivery & Control Reporting Stakeholders & PMO Risk Mgmt RAID & Governance Close-Out Lessons Learned
10+ Years in Cybersecurity PM
$1M+ Program Value Managed
25+ Concurrent Projects Overseen
4 Industry Sectors Served
Michael Shults
Michael Shults
Senior Cybersecurity Project Manager
  • michael.shults@techfield.com
  • Kansas City, MO

Certifications & Education

  • PMP — Project Management Professional
  • Scrum Master Certified
  • SPOC — Scrum Product Owner Certified
  • CompTIA Security+
  • B.Sc. Information Systems Security
  • B.Sc. Business Management
  • Graduate Project Management Courses
  • DoD Secret Clearance (held)

Professional Profile

A decade of enterprise security delivery, built from the ground up.

Michael Shults is a Senior Cybersecurity Project Manager with more than ten years of progressive experience leading complex security programs across enterprise environments. His career spans healthcare, manufacturing, technology, and government contracting — giving him an unusually broad perspective on how security delivery operates under different regulatory regimes, risk appetites, and organizational cultures.

Michael began his professional career in the United States Army, where he served for seven years as a Satellite Communications Soldier — including a fifteen-month deployment to Mosul, Iraq. That experience instilled a disciplined approach to high-stakes operational environments, structured communication under pressure, and accountable execution that continues to inform his project management philosophy today.

Following an honorable discharge at the rank of Sergeant (E5), Michael transitioned into the private sector and progressively built a career at the intersection of information security and project delivery. He holds a Bachelor of Science in Information Systems Security and a Bachelor of Science in Business Management from Grantham University, supplemented by graduate-level project management coursework.

Michael is certified as a Project Management Professional (PMP), Scrum Master, and Scrum Product Owner (SPOC), and holds CompTIA Security+ certification. He has previously held a DoD Secret Clearance, renewed in 2016. These credentials, combined with hands-on technical experience across security tooling, architecture, and governance, enable him to operate credibly in both the boardroom and the technical delivery environment.

Career History

Nov 2022 – June 2026
BlueScope Buildings North America
Senior Project Manager

Led the Security Athena Program — an enterprise-wide initiative overseeing 25 concurrent security projects including Data Classification, Data Loss Prevention, Network Segmentation, Identity & Access Governance, and System Hardening. Responsibilities encompassed full project lifecycle management: scoping, budgeting, scheduling, risk assessment, and Steering Committee reporting. Subsequently guided the team's transition to Agile and Scrum, introducing sprint-based delivery, prioritized backlogs with business value scoring, and enhanced quarterly PI Planning. Instrumental in establishing a formal Security PMO with standardized documentation templates across Project Concepts, RACI matrices, Cost Analysis, and Status Reporting.

May 2022 – Nov 2022
Wolters Kluwer
Information Security Project Manager

Managed a portfolio of security projects including F5 WAF deployment, Coverity version upgrades, and application security training initiatives. Produced full project documentation — intake forms, project plans, scoping documents, and work breakdown structures — using the Atlassian Suite. Coordinated team sprints in JIRA and delivered weekly project status updates to senior management.

Nov 2017 – Mar 2022
Cognizant / Bolder Healthcare Solutions
Information Security Specialist & IT Security Project Manager

Served in a dual-capacity role supporting M&A security integration for Bolder Healthcare. As IT Security Project Manager (Cognizant), led CyberArk IAM implementation from initial licensing through server configuration and account establishment. Supported HITRUST and SOC2 certification efforts, including artifact gathering for external auditors. As Information Security Specialist, built Bolder's IT security program from inception: designing the CSIRT and Incident Response procedures, implementing the Vendor Risk Analysis framework, establishing firewall policies, and conducting quarterly vulnerability scanning. Also authored security process documentation aligned to ISO 27001.

Mar 2015 – Oct 2017
Cerner Corporation
System Engineer / Security Architect

Deployed and managed Imperva database security across more than 450 client databases, completing the full rollout ahead of schedule. Served as apprentice project manager on SSL Decryption and DDoS mitigation projects — producing RFIs, test plans, and scope documentation, coordinating proof-of-concept execution, and finalizing procurement. Conducted security risk assessments against NIST, ISO, and CIS Top 20 frameworks to inform future security roadmaps.

Aug 2012 – Mar 2015
Artel LLC
Information Security Analyst / NOC Administrator

Performed cross-domain security testing — planning, executing, and reviewing test plans in coordination with government clients. Produced post-test reports on cross-domain filtering results. Prior to this role, served as BFT2 NOC Administrator, managing network outages, resolving client connectivity issues, and maintaining technical and procedural documentation for the NOC environment.

July 2005 – Aug 2012
United States Army
Satellite Communications Soldier — E5 Sergeant

Seven-year military career as a SATCOM Soldier, including deployment to Mosul, Iraq. Operated JNN KU band and STT satellite systems; served as a Technical Data Planner for satellite communications infrastructure in South Korea; and worked with 2m SNAP kits, Tri-Band AVL antennas, and Raytheon GBS systems at Aberdeen Proving Grounds. Honourably discharged at the rank of Sergeant in 2012.

Contract Services

What this consultancy offers

Available as an embedded PM resource or standalone contract engagement. All services are shaped by real enterprise security delivery experience — not generic project management applied to a security context.

Security Program Management

End-to-end management of enterprise security programs spanning multiple workstreams, vendors, and executive stakeholders. Proven delivery of programs valued in excess of $1M across concurrent project portfolios.

PMOGovernanceSteering Committees

Agile Security Delivery

Embedding Agile and Scrum methodologies within security contexts — sprint structuring, backlog prioritization with business value scoring, and quarterly PI Planning aligned to security program objectives.

ScrumAgilePI PlanningBacklogs

Risk & Issue Management

Building and maintaining RAID logs, risk registers, and escalation frameworks. Translating technical risk into executive-ready reporting that enables leadership to make informed decisions with confidence.

RAIDRisk RegisterEscalation

Waterfall & Structured Delivery

Formal stage-gate delivery for regulated environments or fixed-contract programs where scope stability, compliance alignment, and rigorous documentation are non-negotiable requirements.

WaterfallPRINCE2Stage Gates

Executive & Board Reporting

Producing clear, authoritative security program reporting for C-suite and board audiences — RAG dashboards, steering committee packs, and program status documentation built to your standards.

Board ReportingRAG DashboardsSteering Packs

Security PMO Establishment

Designing and standing up Security PMO functions from scratch — document templates, intake processes, RACI frameworks, cost analysis models, and reporting cadences tailored to your organizational structure.

PMO BuildTemplatesRACIProcess Design

Engagement Model

A clear path from first conversation to final delivery

Every engagement begins with understanding your environment — not applying a pre-built framework and hoping it fits.

1

Discovery Call

Understand the program, its constraints, key stakeholders, and what successful delivery looks like for your organization.

2

Scope & Proposal

A clear statement of work with agreed deliverables, timeline, and transparent pricing — day rate, fixed fee, or retained.

3

Mobilization

Rapid integration into your tools, processes, and stakeholder landscape. Productive within the first week of engagement.

4

Delivery

Weekly status reports, steering updates, and continuous risk management. You are never without visibility.

5

Close & Handover

Documented lessons learned, clean handover packs, and retained availability for any post-project questions or follow-on work.

Domain Expertise

Genuine security delivery depth

Direct, hands-on experience across the full range of enterprise security project types — not generalized PM practice applied to a security setting.

Identity & Access Management

End-to-end delivery of IAM and PAM implementations — including CyberArk deployment from initial licensing through to production. HITRUST IAM certification support and ongoing IAM governance program management.

Security Tooling Implementation

Project management of enterprise security tool deployments: Imperva (450+ databases), F5 WAF, QRadar SIEM, FortiMail, FortiGate, Sophos AV, and Coverity — across multi-vendor, multi-team environments.

Compliance & Certification Programs

Structured project support for SOC2, HITRUST, and ISO 27001 certifications — coordinating artifact gathering, auditor liaison, and remediation tracking across cross-functional teams.

Data Protection & DLP

Delivery of Data Classification, Data Integrity, and Data Loss Prevention initiatives at enterprise scale, including associated policy development, stakeholder training, and technical implementation oversight.

Network Security Projects

Program management for Network Segmentation and Zoning, SSL Decryption, DDoS mitigation, F5 WAF, and firewall policy design — across both Agile and Waterfall delivery frameworks.

Incident Response & Business Continuity

Design and implementation of CSIRT processes and IR procedures from inception; Business Continuity and Disaster Recovery project delivery; and security program development in regulated healthcare environments.

Why Engage This Consultancy

The case for a specialist

Security projects fail for well-documented, recurring reasons. The following reflects how this practice is built to address them directly.

Security-native practice

Every methodology applied is shaped by real security delivery experience — compliance constraints, audit requirements, vendor risk, and the cost of control failures are built into the approach, not retrofitted.

Fluent across all levels

Equally comfortable in a Steering Committee presenting to a CISO and in a technical working group with an IAM engineering team. Nothing is lost in translation between business and technical stakeholders.

Breadth without dilution

Experience across healthcare, manufacturing, technology, and government contracting means the approach adapts to your regulatory environment and organizational culture without sacrificing depth or rigor.

Flexible engagement terms

Day rate, fixed-fee milestone, or retained advisory — structured to fit your procurement cycle and IR35 position. Rapid mobilization is standard: most engagements commence within two weeks of contract signature.

Certified and credentialled

PMP, Scrum Master, SPOC, and CompTIA Security+ certifications, combined with two undergraduate degrees and a previously held DoD Secret Clearance, provide a verifiable professional baseline for any engagement.

Ready to discuss your next security program?

Submit your email address and a brief description of your engagement — a no-obligation discovery call will be arranged within two business days to assess fit and scope.