Why every red team PM ends up living in a spreadsheet (and why that's a real problem)
I've been managing projects and people for more than seven years. And the answer to basically every operational problem I've encountered has always been the same: create a new spreadsheet.
Finances? Spreadsheet. Resource planning? Spreadsheet. Work breakdown structure? Spreadsheet. Tracking which engagements are running concurrently, who's on what, what's due when, what's been reported and what hasn't? Spreadsheet, spreadsheet, spreadsheet, spreadsheet.
I've tried to escape. Genuinely. I've put real hours into evaluating what's out there, and every time I end up back at the same place — staring at rows and columns like they're an old, slightly disappointing friend.
Here's the pattern I've noticed: every general-purpose PM tool fails for the same reason. They're trying to be everything for everyone, and in doing so they become useful for almost no one specific.
Jira is powerful, but it was built for software development sprints. Running twenty concurrent three-month pentests in it feels like navigating a cargo ship through a canal. Monday looks great in the demo, but peel back the interface and you're essentially looking at a spreadsheet with better fonts. Notion is infinitely flexible, which sounds like a feature until you're two hours deep into building your own project structure from scratch and wondering if this is actually your job. Clarity has so many back-office constraints it feels like the tool is managing you, not the other way around.
My current setup — and I say this without pride — is Obsidian for project notes and information, and spreadsheets for everything else. Is it elegant? No. Does it work? Barely, and only because I've spent years learning to live around its limitations.
The part that actually bothers me isn't the aesthetics. It's the operational drag.
Sharing a spreadsheet with a consultant who just needs to know their tasks? They'll open it, feel nothing, and close it. Updating it in parallel with a colleague? You'll end up with three versions, no clear owner, and a reconciliation process nobody has time for. Pulling together a status update for a client? That means exporting, formatting, copying, and hoping nothing has changed in the forty minutes it takes you to do it.
For a single project, this is annoying. For a portfolio of concurrent engagements — each with its own scope, timeline, client, and delivery team — it compounds into something that quietly costs you hours every week.
The tool problem in cybersecurity consulting is specific: we don't run one project at a time, we run portfolios. We have phases that are native to this work — scoping, reconnaissance, exploitation, reporting — that don't map cleanly onto generic task boards. We have clients who want visibility without access to our internal chaos. We have consultants who are delivery resources, not project managers, and who need clarity without overhead.
No general-purpose tool was designed with that picture in mind. And so we adapt. We build elaborate spreadsheets. We develop workarounds we're quietly proud of. We make it work, until the portfolio grows large enough that it stops working.
I don't think the answer is another general-purpose tool with a cybersecurity skin on top. I think the answer is something built from the ground up around how this work actually runs — the portfolio view, the engagement lifecycle, the delivery team, the client relationship.
Whether that exists yet is a different question. But I'm increasingly convinced it should.