Alicia M Morgan

By

Solving the Execution Gap in Tech Projects

Filed Under: Uncategorized Tagged With: , , , , , ,

Solving the execution gap in tech projects

Let’s discuss some of the challenges teams face throughout the execution of technology projects today.

I attended the Official Cybersecurity Summit expecting to learn about emerging threats. What I heard instead felt remarkably familiar.

“Plans look good, but they don’t match reality.”

These weren’t complaints about a lack of knowledge. Everyone in that room understood the Zero Trust security model. They used multi-factor authentication and had threat modeling frameworks in place.

Yet, there’s an execution gap—and it exists in every industry.

Understanding Organizational Gaps

Throughout the summit, I observed a clear pattern: organizations encounter three distinct gaps that limit successful implementation.

Knowledge gaps arise when teams lack a full understanding of what needs to be done. Rapid shifts in technology create constant learning demands, and new threats appear more quickly than training programs can address them.

Execution gaps emerge when teams understand the goal but struggle to carry it out effectively. Limited resources require careful prioritization, processes need refinement, and ongoing skills development is essential for success.

Trust gaps slow the adoption of new systems and approaches. Stakeholders question potential AI bias and raise issues around openness and ethics, many of which remain unresolved within the organization.

Most organizations concentrate heavily on closing knowledge gaps. They invest in training, pursue certifications, and adopt additional frameworks to enhance their skills.

At the summit, I saw advanced governance models and comprehensive frameworks. The knowledge was clearly shown through detailed presentations and expert discussions. Yet execution challenges continued to surface in nearly every conversation and case study.

Plans Don’t Match Reality

One theme stood out to me throughout the day. There is often a significant gap between documented plans and operational reality in most organizations.

Security leaders emphasized this point repeatedly during panel discussions. They urged attendees to stress-test their plans, talk directly with people across departments, and walk through real scenarios instead of assuming everything will work as written.

As one presenter put it, “You don’t rise to the occasion. You sink to your level of training.”

The solution is to hold quarterly tabletop exercises rather than rely on annual reviews or theoretical discussions. Teams need consistent, hands-on practice with the same stakeholders who will be responsible for executing under pressure.

Documentation isn’t the same as implementation. Plans need to be rehearsed regularly, tested against realistic scenarios, and refined based on actual operational constraints.

Cross-Functional Coordination Challenges

Security initiatives require careful coordination across multiple teams, such as legal, marketing, executives, customer success, IT, and operations. While the technical solution is clear to the security team, executing it successfully takes far more than technical expertise.

Clear communication channels need to exist before a crisis. Regular cross-team touchpoints help maintain alignment, and structured processes can eliminate information silos. Most importantly, the right people must be in the room when critical decisions are made.

One incident response panel underscored the importance of preparation. Organizations should identify the right stakeholders, establish working relationships across departments, define clear escalation paths, and practice coordination before a real threat occurs.

For project managers, understanding this cross-functional challenge is crucial. Learning about governance, risk, and compliance (GRC) is no longer optional. GRC provides an integrated approach to managing governance, risk, and regulatory obligations, and you need to speak the language of security teams fluently.

When a security team says, “We need to implement Zero Trust,” you should understand what that means operationally—how it affects departments, workflows, and budgets. You also need to translate those technical requirements for business stakeholders who make funding decisions.

This kind of cross-functional fluency often determines whether projects succeed or stall.

Justifying Security Investments

Multiple presenters mentioned a common challenge they face regularly. Leadership asks about the cost of doing nothing, which creates a difficult conversation about theoretical risks.

Executing security initiatives becomes challenging when the business case relies on preventing something hypothetical. Allocating resources to prevent theoretical problems requires a different framing than responding to actual incidents.

The answer involves combining risk-based prioritization with clear business alignment. Security leaders who succeed in execution don’t talk about technical threats in isolation. They connect security initiatives to tangible business outcomes. They link security investments to customer trust and retention. They tie security capabilities to strategic objectives that executives already care about.

This is where project managers add significant value to security initiatives. You translate technical security requirements into business language that resonates. You build the case for investment using business metrics. You connect security capabilities to outcomes that leadership prioritizes.

Top Threats for 2026

The summit outlined major security threats that organizations will face in the coming year.

AI-powered cyberattacks use agentic AI to automate phishing campaigns and malware deployment at unprecedented scale. Vulnerability discovery happens faster than ever, giving defenders less time to respond.

Supply chain compromise continues to grow as attackers exploit third-party software and service providers. Established trust relationships become dangerous attack vectors that bypass traditional security controls.

Business email compromise has been enhanced significantly by AI-generated emails. These messages mimic tone perfectly and match context accurately, making them nearly impossible to distinguish from legitimate communications.

Ransomware evolution continues with the growth of Ransomware-as-a-Service models. These services make sophisticated attacks more accessible to criminals with limited technical skills.

Regulatory and compliance gaps emerge as data privacy laws evolve rapidly across different jurisdictions. Governance models struggle to keep pace with regulatory changes and enforcement priorities.

The technical knowledge to address these threats is in the security community. The frameworks are available and well-documented. What’s missing is execution capacity within most organizations.

Organizations are facing challenges in implementing necessary protections amid competing priorities and limited resources. Resource constraints create difficult choices about what to prioritize. Organizational complexity means careful navigation to gain approval for initiatives and their implementation.

GenAI Governance Complexity

The session on data security for GenAI illustrated execution gaps in a rapidly evolving area.

The governance requirements were clear and well-articulated by experts. Organizations need to identify shadow GenAI usage across departments. They must control GenAI assistants to prevent unauthorized data exposure. They should protect sensitive data in proprietary models through careful architecture. They need to establish AI ethics boards with cross-functional representation and document complete model lifecycles from development through decommissioning.

Every organization in that room understood these requirements conceptually. The challenge was operationalizing these principles in real organizational contexts.

Balancing innovation speed with security controls presents real difficulty for most teams. Monitoring shadow IT without creating an oppressive surveillance culture requires careful design and clear communication. AI governance ownership naturally spans multiple departments, creating coordination challenges.

One presenter noted the accountability problem that many organizations face. “If a financial AI blocks a legitimate transaction, who’s accountable? The developer? The bank? The vendor?”

This question isn’t primarily technical in nature. It’s fundamentally an execution challenge about defining roles, clarifying responsibilities, and establishing clear processes before problems occur.

The Human Element of Execution

The most repeated insight throughout the summit: “Security is a team sport. People are our greatest resource and our most important focus.”

Execution challenges often stem from human factors rather than technical limitations. The technology typically works as designed, but bridging the gap between security requirements and daily work habits requires thoughtful implementation.

Employees may click phishing emails despite completing annual training. Shadow IT usage emerges when approved tools feel cumbersome compared to alternatives. New authentication requirements face adoption challenges across the organization. Siloed information can hinder coordinated response when incidents occur.

The solutions discussed were execution-focused rather than purely technical. Speakers recommended using microlearning approaches instead of annual training dumps. They suggested making secure choices the easiest path to a better user experience. They emphasized using empathy and clear communication in security messaging. They advocated balancing automation with human judgment and building resilience through repeated practice.

Technical controls, when paired with meaningful behavior change across the organization, succeed.

Cross-Industry Execution Patterns

Alicia M Morgan AI Fluency

My background in aerospace, nonprofit management, and Fortune 500 environments prepared me to recognize these patterns. I recognize the same execution challenges I’ve encountered across different industries.

In aerospace, brilliant safety protocols face implementation challenges. Shift changes create communication gaps that undermine even the best-designed procedures.

In nonprofits, mission-critical programs need careful resource management to succeed. Resource constraints and competing priorities require strategic choices about what to pursue and what to defer.

In Fortune 500 companies, digital transformation strategies require sustained effort over time. Change management deserves dedicated attention and resources rather than being treated as an afterthought.

The execution patterns are remarkably universal across these different contexts. Plans look compelling on paper, but can overlook operational realities and human behavior. Cross-functional initiatives fail with unclear ownership and accountability.

Competing priorities without a clear resolution mechanism leave teams struggling to define a path forward. Training doesn’t translate to behavior change without reinforcement and practice.

Closing Cybersecurity Execution Gaps

Based on insights from the summit, organizations can close execution gaps through specific, practical actions.

Organizations should test plans against reality through quarterly tabletop exercises with actual stakeholders. They need to stress test assumptions about response times and available resources. Walking through realistic scenarios with legal, operations, and business teams reveals gaps that documents miss.

Building cross-functional discipline requires establishing clear communication channels before crises occur. Organizations must define roles and decision rights explicitly rather than assuming everyone understands their responsibilities. Creating regular touchpoints across teams fosters alignment and builds working relationships.

Aligning security with business outcomes helps secure necessary resources and support. Organizations should connect security initiatives to revenue protection and customer trust. Quantifying the cost of doing nothing in business terms resonates with executives. Prioritizing based on both risk and business impact ensures resources are in the right places.

Phasing implementation based on real constraints acknowledges resource limitations upfront. Organizations can create phased roadmaps with clear dependencies between initiatives. Defining what’s immediate versus future helps teams focus their limited capacity. Building momentum through small, visible wins creates support for larger initiatives.

Looking Ahead

Here’s what the summit reinforced through multiple sessions and conversations: execution gaps appear everywhere in technology projects. They’re not failures of knowledge or expertise among talented professionals. They’re natural challenges that emerge from organizational complexity and competing demands.

The patterns I observed in cybersecurity discussions mirror what I’ve seen across aerospace, nonprofit, and corporate environments. Great strategies exist in documented plans. Talented people understand what needs to happen conceptually. But execution consistently requires more than knowledge alone.

It requires structured yet adaptable approaches to coordination that work in real organizations. Clear ownership and accountability that survive organizational changes. Regular practice of critical processes rather than theoretical understanding. Metrics that measure actual outcomes, not simply checking activity boxes. Change management that accounts for human behavior and organizational culture.

Most importantly, successful execution requires bridging different organizational worlds. People who understand both technical details and business realities. People who can translate between strategy and operations. People who connect security requirements with innovation priorities.

The execution gap isn’t about assigning blame for failures. It’s about recognizing an important truth. Implementation deserves the same rigor and attention as strategy development. Cross-functional coordination needs dedicated focus and structured approaches. Practice matters as much as planning for building organizational capability.

When we approach execution challenges with this mindset, we stop asking why implementation isn’t happening on schedule. We start asking what structures, processes, and support enable successful execution despite complexity.  That shift in perspective makes all the difference in project outcomes.

About Alicia Morgan, PMP: Alicia Morgan is an innovation strategist specializing in technology project and program management. She helps organizations bridge the gap between strategy and execution. With experience spanning aerospace engineering, Fortune 500 project and program leadership, and nonprofit management, she brings a cross-industry perspective to cybersecurity governance, AI implementation, and innovation in traditional environments.