**Cons**
* Governance and decision-making within GSIS were unclear and unstable.
* Scope, priorities and expectations could shift abruptly, even after earlier alignment.
* The reality of the assignment did not fully match the expectations created during onboarding.
* External project managers appeared vulnerable when direction or senior management priorities changed.
* The environment felt more reactive than structured, especially for cybersecurity programme delivery.
* There was limited protection for PMs against issues caused by unclear sponsorship, shifting scope or inconsistent leadership.
