One of the fundamentals of security is self-awareness: knowing where you may be vulnerable, the practices and processes that aren't yet quite in place and what actions you need to prioritize are essential if your organization is to excel at security. But how can that be done? In complex and distributed teams, surfacing such knowledge can be incredibly difficult. One solution, though, is something called a security maturity model. In this episode of the Thoughtworks Technology Podcast, three Thoughtworkers — Diana Adorno, Lisa Junger and Robin Doherty — speak to host Alexey Boas about a security maturity model they've developed that was recognized by the prestigious CSO50 Awards. They explain the purpose of developing and using one, how theirs works and why it should matter to any organization that wants to get serious about the way it does security.