We’re a small security team inside a growing SaaS org, and during enterprise sales and audits, we kept getting asked:
“How mature is your SOC?”
The usual frameworks (NIST CSF, MITRE ATT&CK) are great but heavy — hard to apply without a full SIEM or IR team.
So we built a self-assessment tool focused on practical maturity signals like:
Logging & alert coverage
IR workflows
Automation usage
Post-incident reviews
Framework alignment (at a high level)
It generates a maturity score + highlights where to improve. It’s been helpful for planning, reporting to leadership, and onboarding new security hires.
The usual frameworks (NIST CSF, MITRE ATT&CK) are great but heavy — hard to apply without a full SIEM or IR team.
So we built a self-assessment tool focused on practical maturity signals like:
Logging & alert coverage
IR workflows
Automation usage
Post-incident reviews
Framework alignment (at a high level)
It generates a maturity score + highlights where to improve. It’s been helpful for planning, reporting to leadership, and onboarding new security hires.
We cleaned it up and released it publicly: