360° Security

Process before jumping into a security roadmap

Before jumping into building a product security roadmap, it is important to understand the lay of the land we are in. Taking a step back and looking at the whole picture from an eagle's-eye (360°) view helps us lay out a good roadmap. Doing a SWOT analysis and creating a mindmap can help here. As a running example, suppose we are building a security roadmap for a B2B SaaS company.

SWOT analysis

Strengths/Opportunities

  1. Security is prioritised due to business needs.

  2. Employees with an interest in security can be found across the org.

  3. How could we present our security posture as a strength to our customers?

  4. Any good partnerships we could build within the org.

  5. What compliance certifications does the org hold? Having SOC 2 or ISO 27001 eases the work, since the existing controls can be reused.

Weaknesses/Threats

  1. Weak security posture.

  2. Security compliance gaps.

  3. Critical vulnerabilities and gaps in the current environment.

  4. Limited bandwidth.

The gaps and the immediate threats we have to concentrate on can be found by making a 360-degree mindmap. I created mine with People, Processes and Technology as the top-level branches. The SWOT analysis then tells us which of those items we can do and which are difficult to do, which makes planning easier.

Mindmap

The mindmap can be hard to read at this size; zoom in to see all of the blocks, or visit the read-only Figma link above. This is not a full-fledged mindmap, only a basic one to start from. Each block has a confidence score that you fill in: the higher the confidence, the lower the risk and the lower the priority. The confidence score is based on information from the right SPOC and on gut feeling, which you can gather from your peers. Treat the gut-feel scores as a starting point and revisit them once you have evidence such as audit findings or scan results. This gives us a starting point for our organisation: once we jot down what is needed to start from scratch, we can keep the balance between what customers want and what we want in order to make sure the company is secure. If you have any ideas or another way of creating a roadmap, let me know in the comments.
