Build Bandler's Cybersecurity Program Yourself

Start with nothing (at zero) and build Bandler’s Cybersecurity Program Yourself (DIY)

By John Bandler

On this page I provide the simple steps for you to build my cybersecurity program yourself in your organization. This assumes your organization has no program at all and you are starting from zero.

These are the basic steps to get you started. (Other pages provide more detail -- see links at bottom).

Once you build it, you need to maintain and improve it, and I have a separate page on that.

1. Start from scratch and build your cybersecurity program

Build Bandler’s Cybersecurity Program Yourself infographic by John Bandler https://johnbandler.com/build-bandlers-cybersecurity-program-yourself/

If your organization has no cybersecurity program or policy, you need to build it. That will involve implementing my written cybersecurity policy, understanding and following it, establishing management, and training. Here are your steps.

1.1. Download and implement my Cybersecurity Policy (Free Version)

This can be designated as the rule of your organization, and includes an incident response plan.

1.2. Designate someone to be in charge of cybersecurity in your organization

Obviously this is not their full-time job, but it is an additional and important duty. They should spend reasonable time on this new duty.

1.3. Train every organization member on your new policy.

Everyone needs to read it and understand it. A policy only has meaning if people know it and follow it.

1.4. Look for areas of improvement, starting with priority "low hanging fruit"

Look through the policy for areas you may not be properly implementing yet.

Look for areas you may not fully understand yet, and explore the definitions or additional resources.

Focus on three main goals: (1) protect from cybercrime, (2) comply with legal requirements, (3) improve efficiency and improve the management of information systems.

1.5. You have built your cybersecurity program

Assuming you have done the above steps with good-faith, reasonable diligence, devoting sufficient, reasonable time and effort, you have now built your cybersecurity program.

You have done something, which is much better than nothing.

2. Improve your existing cybersecurity program

Improve Your Existing Implementation of Bandler’s DIY Cybersecurity Program

While you are building your program, remember that cybersecurity is a process of continual improvement; you can never stop. It takes years to build a culture of good management for your cybersecurity program and information systems.

After you have already implemented my cybersecurity program (as above), I provide a framework to maintain and continually improve it here:

3. Yes, DIY is possible

Yes, you can do this. DIY is possible. Every organization needs an effective cybersecurity program; that is clear.

Many organizations are small, with limited resources. They do not have a full-time information security employee, much less a chief information security officer (CISO) with staff. Most organizations don't even have a full-time information technology employee. Some cannot afford to hire an expert.

Yet they still need to manage their information technology and security, even and especially as they hire outside vendors for IT-related services.

My resources on this website will help you, and also my 2017 book, and my future book on cybersecurity (coming 2026 I hope).

4. Appreciate my free resources?

If you appreciate the free resources I am providing, please consider the thoughts in my article Give Forward or Give Back.

5. My services

If you need help, I offer services to help get you going and move you forward: hourly consultation or a flat-fee guided implementation. You can get some basics in place and done, including (1) documentation, (2) initial training, (3) high priority initial improvements.

6. Disclaimers and terms

See all my disclaimers and terms on my free cybersecurity policy and for this website.

Summarized briefly: Information governance, cybersecurity, cybercrime protection, and compliance are challenging. You assume all risks, I have no liability, I retain all of my intellectual property rights.

This DIY method is exactly what it is, and no more. It is a DIY method to build your own cybersecurity program, recognizing that many small organizations lack the resources for professional assistance, even for an hourly consult. This is not a magic, effortless solution, nor is it a substitute for expertise in information technology and cybersecurity.

This is my gift to you, you agree not to sue me no matter what harms befall you, and you might even give back.

7. Additional links

This page is hosted at https://johnbandler.com/build-bandlers-cybersecurity-program-yourself. Copyright John Bandler, all rights reserved.

Page posted 9/8/2025. Updated 12/04/2025