The SI Offensive Cyber Security Maturity Model is a visual illustration of the journey an organisation takes in improving their overall security posture and maturity. We hope that this model can help you to:

• Validate and improve your existing practices.
• Serve as a guideline to assist you in building your own roadmap and capabilities over time.
• Provide sensible suggestions for how these practices stack in maturity.
• Answer the question 'what next?'

We identified the need for the model following discussions with clients, CISOs and other security experts within the industry, that highlighted that all too often there is a fundamental misunderstanding of offensive security engagements – what they entail, how they should be adding value to an organisation, and where they fit into the overall maturity journey.

The purpose of the model therefore is to help CISOs and security teams to test and validate their existing practices, to make sure that they are getting the most effective results and creating the right business outcomes. The model aims to provide a guide to how offensive security practices can develop and stack over time, demonstrating what ‘good’ actually looks like, and using examples to help security leaders to self-identify where they are in their maturity journey, to start the conversation around where their next steps may be.  

What’s included in the e-book?  

• What is the maturity model and how can it help you? 
• What does each level look like? 
• Practical steps to take at each level
• Examples that demonstrate what 'good' looks like and common mistakes
• Top tips for your maturity journey