What It’s Really Like Managing PKI Implementation & Migration Projects
For the past two years at Unsung Ltd, I’ve been managing Public Key Infrastructure (PKI) implementation and migration projects across complex enterprise environments. For many people, PKI is invisible. It’s the technology quietly enabling secure access, encrypted communications, device authentication, and digital trust across organisations. But behind the scenes, delivering PKI successfully is anything but simple.
My role sits at the intersection of business enablement, security, infrastructure, governance, and implementation, ensuring PKI solutions not only meet technical requirements but also enable the wider business securely and efficiently. On any given project, this typically involves deploying new Certificate Authorities, migrating legacy PKI platforms, and integrating with critical technologies such as Active Directory, cloud platforms, endpoint management solutions, and security tooling. These integrations directly support user-facing services including multi-factor authentication (MFA), secure access to Line-of-Business (LoB) applications, device authentication, and encrypted communications, ensuring users and systems can operate securely without disruption. All of this must align with organisational security policies and compliance requirements. However, the technical build is only one part of the picture.
A significant part of my role involves coordinating multiple stakeholders, including security teams, infrastructure engineers, vendors, architects, and senior leadership, while keeping delivery on track against often tight timelines and evolving requirements. As stakeholders develop a deeper understanding of PKI capabilities, additional use cases, integrations, or risk mitigation opportunities often emerge. While these can deliver real long-term value, they need to be carefully governed to ensure delivery remains controlled and aligned with agreed objectives.
Strong communication and good working relationships are critical. In project management, soft skills often mean the difference between project progress and project paralysis. Managing scope through structured change control, prioritisation, and clear governance is essential to prevent uncontrolled scope creep, while still enabling organisations to realise the full strategic benefits of their PKI investment.
PKI projects typically underpin critical business systems, making strong governance and risk management essential. This includes maintaining RAID logs, leading design and build readiness reviews, overseeing testing phases, and ensuring environments transition cleanly from development through migration into production. Underpinning all of this is a well-defined delivery methodology, which provides structure, transparency, and collaborative governance throughout the project lifecycle.
A well-organised project plan and a detailed Actions Tracker are your friends if you want to stay organised, especially if, like me, you have multiple concurrent projects to manage and, in the words of Steven Tyler, you don’t want to miss a thing… Dad jokes aside, this structured approach enables risks, assumptions, dependencies, and changes to be managed proactively, while ensuring stakeholders remain aligned through defined checkpoints, approvals, and regular reporting. This disciplined approach is particularly important in PKI migrations, where maintaining continuous trust services is critical while complex backend transformations take place.
One of the most challenging and rewarding aspects of the role is modernising legacy PKI estates. Many organisations operate certificate services that have evolved organically over many years, often with limited documentation and increasing technical debt. Successfully migrating and transforming these environments requires careful planning to avoid disruption, including mapping dependencies, validating integrations, rehearsing cutovers, and ensuring certificates continue to function seamlessly across hundreds or thousands of systems.
No two PKI projects are the same. Some focus on improving automation and operational efficiency, while others are driven by compliance requirements, resilience, scalability, or preparing for future challenges such as post-quantum cryptography. In many cases, these projects form part of a broader effort to strengthen organisational security posture, improve visibility, and reduce operational risk.
What I enjoy most is taking something inherently complex and turning it into a controlled, well-governed delivery that strengthens an organisation’s security foundation. When PKI is done right, nobody notices, and that’s often the sign of success. But behind that smooth outcome are months of planning, collaboration, technical problem-solving, and structured delivery.
After working in this space for over two years, I’ve seen first-hand how central PKI is to modern IT and cybersecurity, and how important strong project leadership is in making these initiatives successful. Thankfully, I work with an incredible team of PKI experts at Unsung Ltd who make delivering these complex projects possible.

