Project management

by John Bandler

Project management is the process of managing a project. Projects should be managed well.

A project is work that has a start and an end, intended to accomplish a goal, make some improvements, or deliver a "deliverable".

Compare a project to "operations", which are the normal, ongoing business of an organization (without a start or end).

Some people and organizations may tend towards one or more of these extremes:

  • No management process at all (disorganized, chaotic, and inefficient)
  • Excessive bureaucracy and approvals (cannot get anything done or make any progress)

The key is to find the right degree of project management process. Remember that projects are about the journey and the destination (not just the deliverable/destination).

Project management steps

There are various phases to a project, though different methodologies call them different things. Adapt for your needs and organization.

  • Planning and scoping
  • Start of project
  • Executing, monitoring and controlling
  • Closing and completion of project

Within the project you want to create many mini-phases or milestones, adapted to your project.

Defining the project

Projects should be defined to include:

  • Scope (amount of work and level of detail)
    • Quality is a factor too
  • Time (duration of project and hours)
  • Cost (hours and financial)

Project methodologies

  • Panic and Pray (not recommended)
  • Planning, shmanning, when there is no time to plan (not recommended, but I build this out for the many who find themselves in this situation)
  • Waterfall (linear, sequential phases)
  • Plan-Do-Check-Act (PDCA) model (Deming Cycle, Shewhart Cycle)
  • PMBOK, Project Management Body of Knowledge
    • Project Management Institute’s (PMI’s) Project Management Body of Knowledge
  • PRINCE2 (PRojects IN Controlled Environments)
  • Agile (less formal, cyclical and iterative with incremental improvement)


This article is (of course) not tailored to your circumstances, nor is it legal or consulting advice.

This is to inform, and you assume all risk for cybersecurity decisions you make. This is an introduction and more can be written on this topic.

I may explain nuances further in other articles, or one of my books. Other experts may have differing opinions.

Ask ten different experts in law, IT, or IS, and you will get ten or more different definitions for a term, and as many different recommendations for cybersecurity posture. Cybersecurity is about decisions and risk management.


Good project management is important.

If your organization needs help with improving its cybersecurity, feel free to contact me.

Additional reading

This article is hosted at, copyright John Bandler, all rights reserved.

This article is also available on at NOT YET (though not kept as up to date).

Originally posted 2/11/2024, updated 2/11/2024.