How to assess your organization's security maturity
Thoughtworks Technology Podcast
Thoughtworks
4.7 • 53 Ratings
🗓️ 13 June 2024
⏱️ 40 minutes
🧾️ Download transcript
Summary
One of the fundamentals of security is self-awareness: knowing where you may be vulnerable, the practices and processes that aren't yet quite in place and what actions you need to prioritize are essential if your organization is to excel at security. But how can that be done? In complex and distributed teams, surfacing such knowledge can be incredibly difficult. One solution, though, is something called a security maturity model.
In this episode of the Thoughtworks Technology Podcast, Thoughtworks alumnus Diana Adorno and current Thoughtworkers Lisa Junger and Robin Doherty speak to host Alexey Boas about a security maturity model they've developed that was recognized by the prestigious CSO50 Awards. They explain the purpose of developing and using one, how theirs works and why it should matter to any organization that wants to get serious about the way it does security.
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello and welcome to the ThoughtWorks Technology podcast. |
| 0:11.0 | My name is Alexei. I'm speaking to you from Santiago Inche and I'm going to be your host this time. |
| 0:17.6 | And this time around, we get an opportunity to talk about security in organizations. And |
| 0:22.7 | for that, we have Diana, Lisa, and Robin here with us from a couple of different places, I guess. |
| 0:30.0 | So maybe we can do a quick round of introductions. Diana, can you kick us off, please? |
| 0:35.7 | Yeah. My name is Diane O'Dorno, and I am a product designer at a qualitative researcher. |
| 0:41.8 | I've been worked with the thought works for 14 years and spent three years with the |
| 0:47.8 | InfoSec team, and so my background is computer science and applied psychology. |
| 0:53.8 | Thanks, Diana. And how about you, Lisa? |
| 0:57.3 | Hey, I'm Lisa Junger. I am speaking to you from Hamburg, Germany. And my role currently in |
| 1:05.7 | ThoughtWorks is the global head of security operations. And I've been heavily involved in the thinking around the security maturity models. |
| 1:14.4 | I'm really happy to be here and, you know, share my thoughts. |
| 1:18.2 | Yeah, and we're happy to have you. |
| 1:19.7 | Thank you. |
| 1:20.4 | And how about you, Robin? |
| 1:22.4 | Hello, I'm Robin Doherty. |
| 1:24.5 | Like Diana, I'm based in Australia, although I'm in Sunny Brisbane and she's in |
| 1:29.2 | sunny Perth. I joined ThoughtWorks about 12 years ago as a developer, but now I'm a security guy, |
| 1:36.4 | and I've switched between a few different operational and consulting roles in my time here. |
| 1:42.7 | So I've done some security consulting with ThoughtWorks, particularly on |
| 1:46.2 | security strategy. And last year I was the acting CSO for one of our clients. These days, I'm back |
| 1:52.2 | at ThoughtWorks, leading our team of business information security officers or BISOs, who are kind of like |
... |
Transcript will be available on the free plan in -289 days. Upgrade to see the full transcript now.
Disclaimer: The podcast and artwork embedded on this page are from Thoughtworks, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of Thoughtworks and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2025.