The book includes insights from the following experts:

  • Lester Godsey, City of Mesa, CISO, The Security Maturity Discussion Should Be Risk-Based
  • Deepak Palakunnath Kunnenkeri, Fuji Xerox Asia Pacific Pte Ltd., Information Security & Audit Manager (RISO), Security Maturity Must Be Viewed in a Business Context
  • Jonathan Levine, Intermedia, CTO, CIO, CISO, Security Maturity Begins at Deployment
  • Dilip Panjwani, Larsen & Toubro Infotech Ltd (LTI), Begin by Getting the Most out of Your Current Investment
  • David Billeter, CA Technologies, Chief Information Security Officer, Aligning Business & Security Culture is Critical
  • Daniel Schatz, Perform Group, CISO, Benchmark Your Practice Against a Security Framework
  • Dave Ruedger, RMS, CISO, Start with a Baseline and Validate as You Go

7 Experts on Security Maturity was generously sponsored by Trustwave.

When it comes to cybersecurity, how do you know your organization is doing enough to protect itself? One way is to fall victim to an attack and decide after the fact that you weren’t doing enough. That works, but there is a better way. You can assess the maturity of your security practice and then decide if it is appropriate for your business.

But how do you think about, measure, improve and communicate the state of your security maturity? With threats coming from every direction, and with non-technical people such as business managers playing a more prominent role in security planning, this is especially challenging. To learn how companies manage their security maturity, and with generous support from Trustwave, we asked seven security experts the following question:

What advice would you give on how to improve the maturity of a business’s security practice?

This is an interesting collection of essays because the experts approach the question from the perspectives of their businesses. One expert stresses the importance of starting with your deployment pipeline, while another recommends benchmarking to a security framework. All the experts agree that security maturity must be discussed and measured in a business context, because ultimately it deals with business risk.

I find these essays provide refreshing perspectives on a challenging issue every organization faces today. I hope you agree.