I made over $300,000 in a single year as a project manager. I have friends in cybersecurity making less than half of that — working twice the hours. Most career advice comparing these two jobs has the math completely backwards, and if you pick the wrong one for the wrong reasons, you can lose two or three years before you realize it. Here’s the honest comparison nobody else is going to give you.
Quick context: I’ve been an IT project manager for over eight years, running projects remotely from Mexico, Colombia, Peru, and Argentina — and I’ve helped over 100 people with no real PM experience break into the field and land actual jobs. A lot of the projects I’ve run sit right next to cybersecurity work: identity and access projects, network rebuilds, audit and compliance, security-owned tool rollouts. I’ve watched cyber people up close for years — how their week looks, how they get hired, how they get paid, and how they burn out. I’m not a cyber expert, but I’ve spent enough time around both worlds to give you a comparison that’s actually grounded.
Why most PM-vs-cybersecurity advice is wrong
The people telling you to pick cybersecurity have usually never managed a real project. The people telling you to pick project management have usually never sat next to a security analyst at 11pm during an incident. So the comparisons you’re getting are surface-level: salary numbers pulled from job boards, demand projections from LinkedIn, bullet lists that don’t capture what either job actually feels like to do every day. And the cost of getting this wrong is real — a year or two studying the wrong things, paying for the wrong certifications, building the wrong portfolio.
The real question (and the 2 you must answer)
Most people treat this like a coin flip between two equally good paths. That framing is broken from the start. For most people in their 30s and 40s — with bills, families, and limited runway — these careers are not equally accessible. One lets you use skills you already have; the other asks you to build a brand-new technical foundation from scratch. Before anything else, answer two questions honestly:
- How comfortable are you being responsible for things that depend on other people? Project management is the work of getting other people to deliver. If you hate dealing with people, this job will eat you alive — no matter the salary.
- How comfortable are you sitting inside deep technical detail for hours at a time? Cybersecurity at the working level is dense — logs, queries, documentation not written for humans. If you don’t enjoy that focus, you’ll fight your job every day.
Most of the seven dimensions below are downstream of those two questions.
1. Time-to-entry
If you’re already in operations, coordinator, or analyst work, project management is realistically six to twelve months of focused effort to become hireable — because most of what you need to demonstrate is already buried in the work you do today. Cybersecurity is 18 to 36 months minimum: networking fundamentals, OS basics, scripting, and home-lab work before you even touch the security material. If your runway is short, this gap matters more than anything else on the list.
2. Day-to-day reality
A PM’s Tuesday is inbox triage, a 9am stand-up, a stakeholder wanting to change scope at 10, a status email over lunch, two more meetings, a vendor call, forty messages, and roughly ten decisions that affect other people’s work. A SOC analyst’s Tuesday is logging into security tools, picking up alerts, spending three hours investigating one suspicious login, writing up findings, and handing off. PM is constant context-switching and communication; cyber is deep focus and narrow scope. If one of those lit up for you while the other made your shoulders tense — pay attention to that.
3. Technical depth required
PM needs translation-level depth: understand what a system, API, or database is, and what it means to deploy something — enough to ask the right next question. You don’t write code. Cybersecurity needs execution-level depth: run queries against logs, read network traffic, configure tools, write scripts, understand operating systems deeply. Translation-level can be learned in months. Execution-level takes years.
4. Personality fit
PM requires you to enjoy — or at least tolerate — conflict, visibility, and being held accountable for things you don’t fully control. Cybersecurity is closer to the opposite: quiet, methodical, repetitive work where you’re invisible until something goes wrong. These aren’t introvert-vs-extrovert clichés; they’re real predictors, and the wrong fit is what burns most career-changers out by year two.
5. Portfolio expectations
A PM portfolio is translation and storytelling: a charter, a stakeholder map, status reports, a RAID log, and the decisions behind them — much of it buildable from your current role. A cybersecurity portfolio is demonstration: TryHackMe/HackTheBox writeups, home-lab projects, GitHub scripts, and certifications as gatekeepers. PM rewards good storytelling; cyber rewards visible proof.
6. Salary path (the “cyber pays more” myth)
Online you’ll see “cybersecurity pays more” everywhere. The numbers don’t actually support that for most career-changers. At entry level both land around $60–80K; mid-career, both around $90–130K. The paths diverge at the senior end: a senior IT PM who moves into program management or contracting can clear $200K without a leadership title, while a senior cyber engineer who stays an individual contributor usually plateaus earlier unless they move into architecture or management. For most people, the more reliable six-figure path is project management.
7. Who should pick each
For most career-changers in operations, coordinator, analyst, or support work between 30 and 45, project management is the better path: you use skills you already have, the timeline is half, the technical lift is months not years, the portfolio is buildable in your current role, and the senior salary trajectory is stronger. Pick cybersecurity if you genuinely enjoy deep technical work, have 18–36 months of runway, would rather solve hard problems alone than negotiate with people, and are okay being invisible until something goes wrong. If that’s you, cyber is a real fit. If it isn’t, it’ll burn you out by year two.
A real story + the bottom line
A guy reached out to me last year — 38, a decade in retail operations, trying to decide between PM and cyber. He’d already paid for a Security+ prep course. We walked through these same questions, and he realized he hated the idea of sitting alone with logs for hours. He cancelled the course, built a PM portfolio from work he was already doing, and landed a project coordinator role nine months later. That’s the cost of the wrong pick — he almost spent two years studying for a job that didn’t fit him.
Two questions decide this for you: Are you comfortable being responsible for things that depend on other people? Are you comfortable sitting inside deep technical detail for hours at a time? Be honest with both, and the path becomes clear.
If you’re leaning PM, the fastest way to get hired is to build real project experience — with real stakeholders, ceremonies, and artifacts you can put in your portfolio.
Related reading:
- The Real Reason Entry-Level PM Jobs “Require Experience”
- Project Coordinator vs Project Manager: What Nobody Tells You
- Project Management Salary Guide 2026: How Much Do PMs Really Make?
- Why Most People Stay Stuck Trying to Break Into Project Management
Ready to close the Experience Gap? Join The Eddie System on Skool →
Ready to gain real IT PM experience?
Turn the work you’re already doing into a portfolio that actually gets you hired — inside a live PMO.
