The Security Maturity Checklist

A year ago I founded a conference, and this weekend was the fourth iteration of it, adaconf3 (the first was adaconf0).

I am really happy about the awesome lineup, and I also did a lightning talk, beta testing a small part of an upcoming talk called "Why Penetration Testing Sucks – Finding a more efficient road to Security Maturity".

For a frequent reader of this blog, my observations and remedies should be no surprise, and I was really happy with the audience laughing in the right place. Like on this slide:

I’m also really happy with the insightful questions I got. I find that in conversations and Q&As I often get to distil my thoughts and connect new dots.

These are the key take-aways, my Security Maturity Checklist, version 0.9.
What am I missing on this checklist? Do you not agree with me? The title of the talk might be provocative, but I truly want to open up a constructive discussion, to make security work a little more efficient, and a lot nicer for everyone involved.