Cybersecurity mindsetCybersecurity Mindset https://johnbandler.com/cybersecurity-mindset/

By John Bandler

Cybersecurity is about decisions people make, and for some organizations that have not even started with cybersecurity, that needs to start with this cybersecurity mindset.

The wrong mindset is preventing them from getting started. The right mindset will ensure they get those first steps taken.

The takeaways

If your organization doesn’t have a cybersecurity program yet, you need a mindset shift, which starts by accepting these bullet points:

  • We cannot escape cyber, nor technology
  • We don’t have to love it
  • We do have to manage it
  • We don't have to be experts in it to make decisions
  • We can't outsource all decision making and management of this area to an outside vendor or consultant
  • We can seek outside guidance and advice
  • We do have to do some diligence
  • Cybersecurity is about decisions people make
  • You must do something about cybersecurity
  • Something is better than nothing
  • One or two steps is better than no steps
  • Small steps are better than no steps
  • What you do must be enough to be reasonable, be defensible
  • What you do should help protect, comply, improve efficiency (to do the mission)
  • Organizations that are doing nothing about cybersecurity, are missing an opportunity
  • Organizations that are doing nothing about cybersecurity risk being accused of being negligent, sloppy, and deficient
  • Organizations that are doing nothing about cybersecurity are probably being negligent, sloppy, and deficient
  • Use my concepts and DIY cybersecurity program to get started and move forward in an efficient manner

These bullet points are accurate, place responsibility where it should be, and dispels common myths and excuses. Once accepted by the managers and leaders of the organization, they will be in the proper mindset to start moving forward.

My concepts and cybersecurity program

I am very familiar with the challenges and misconceptions people and organizations face with cybersecurity.

Furthermore, these issues mean that many small organizations have not even gotten started, because they often lack and employee, manager, or owner who has expertise in cybersecurity, technology, cyberlaw, or governance. Without that internal advocate, the project and program often never even gets started.

  • Cybersecurity three main goals - Bandler 2025-12-23

    My concepts on cybersecurity help with the mindset to prioritize actions and understand the basics, and include:

    • Three main goals of cybersecurity
      • Accomplishing these leads to an important fourth goal
    • Cybersecurity dial
    • Four Pillars of Cybersecurity
    • Five Components for Policy Work (and Management)
    • Three Platforms to Connect for Compliance
    • Bandler's DIY cybersecurity program.

Every organization needs a cybersecurity program

No organization can afford to ignore cybersecurity, so they need to build and maintain their cybersecurity program. I have built resources on this and can provide services as well (see links below).

There is more to know about cybersecurity

Yes, there is a lot to cover on cybersecurity. That's why I wrote a book on it in 2017, and am writing another, and have a lot of articles and videos on the topic.

More learning

To learn more about cybersecurity, consider these:

This page is hosted at https://johnbandler.com/cybersecurity-mindset. Copyright John Bandler, all rights reserved.

Page posted 05/11/2026. Updated 05/11/2026