Happy New Year and welcome to the community, @Erin Dillard.

While I do not qualify as a customer in this scenario, I have met many Atlassian customers over the last seven years. Most of those conversations were about improving PMO operations using Atlassian and Atlassian Marketplace products. Many of my professional friends and acquaintances are PMO-focused in their work as well.

I reached out to a number of them before replying.

Unfortunately, none of us has met an Atlassian customer who's using Jira & Confluence as you describe. Note: That does not mean they're not out there by any stretch. Hopefully, one of them will rely to your post.

That said, everyone I talked to (and I) all agree anyone can apply PMO principles and best practices — using Jira and Confluence — to any program management scenario, including cybersecurity.

I'm looking forward to seeing your presentation at Atlassian Team'26 on how you and your team did just that within your company.  😉

-dave

Hi Erin,

I hope this message finds you well. I previously worked as a Senior Project Manager in the Global Cyber Security PMO at a major bank in Canada, and I believe I can assist with some of your questions.

Confluence: A hierarchical organization is an effective way to structure Confluence. Consider organizing it as follows: Line of Business >> Applications >> Initiatives (Transformational or Operational). Be mindful that some initiatives may span multiple areas, so a special setup might be necessary to ensure relevant information is accessible in the appropriate spaces.

Project Plan: A robust project plan is typically built from the bottom up. Initially, it's beneficial to collaborate with engineers to develop the plan. Over time, you'll notice patterns in the initiatives, which is an excellent opportunity to create templates for your project plans. For new initiatives, especially those involving the implementation of a specific COTS tool, your vendor may already provide a template. Utilize and customize it as needed.

JIRA: Although you didn't ask about this directly, I would also encourage you to start thinking about JIRA for your initiatives now itself. It has capabilities to set-up project plans within it and if your JIRA set-up is done well, it really helps achieve goals more efficiently.

I understand this is just a brief overview, but I am confident you will excel. Should you need further assistance or a deeper dive into any of these topics, please don't hesitate to reach out.

Best regards,

Rahul

Bringing security and project management together can be tricky, but clear processes and close teamwork help. I’ve seen success with regular risk assessments and strong collaboration between security and project teams.

Setting up a PMO within a Cybersecurity department is a great move for improving project governance and aligning security initiatives with business objectives. Since you're already using Jira and Confluence, you might want to structure your wiki with sections for governance policies, project templates, risk registers, and stakeholder communication plans. A best practice is to create standardized workflows in Jira that integrate with Confluence for automated reporting. Some teams even use IP stresser to simulate network loads and test security controls, which could be useful if performance metrics are part of your PMO oversight.

Hello everyone and thank you so much for all of this valuable feedback! I'm just now catching up to this thread as I have been head's down the last couple of months trying to build out the processes for our program. To clarify, what we have actually established at our organization is an "Office of the CISO" (OOTC), with a focus on Security Program Management, which is what I am involved in building out, essentially a PMO function within our OOTC "team" so to speak. I've gotten pretty far along in building out our Confluence site and creating documentation for standardizing Jira workflows within our organization, but I am struggling with getting some of our teams on board with this standardization. Leadership agrees we need to standardize the way we do things in order to keep our department aligned on business goals, but each team has been doing things their way for so long that the team managers are hesitant to adopt new practices. While I did mention in my previous post that we use Jira widely through our organization, which is true on a broad scale, I have discovered however through my research into building this program that several of our teams within our department actually don't use it at all and don't know how to use it, which explains their hesitation to adopt it. This has been a frustrating dilemma for me because leadership is telling me they want a better, more universal or standardized way of understanding and tracking important projects for each team, however my attempts to convince team managers to adopt Jira as a project management tool to better align our org have been met with a lukewarm sense of enthusiasm to put it best. Does anyone have any advice on how I can best advocate for the utilization of Jira to keep our teams aligned and our project data better accounted for? I have documentation, I have presentations, I have given 1:1 demonstrations even to several teams, but I am only one person. It really is just me putting this all together in a sense, as my one other team-mate is focused on other important aspects of our team's focus. I welcome any and all advice, mentorship, examples anyone can provide, and I am also happy to set up any meetings necessary with experienced professionals in this field who can point me in the right direction. My personal email address is cgwolf2013@gmail.com if anyone could possibly reach out to me to set up some time. I know this might sound a bit desperate but I need all the help I can get! Thanks in advance!