When I was doing digital security engagements in 2017, I’d run clients through an abreviated technology maturity model which was a hodgepodge of metrics mostly built around the engagement itself. The goal of those assessments was to help identify super-structural impediments to successful project completion. I wanted to make sure we could both understand what could go wrong outside of the technology pieces/security frameworks.

Today, I was looking at a really nice model put out in the context of electoral security which could be refactored to do short modeling exercises.

That said, I worry about short-cut modeling…I would do it mostly to help the organization and myself understand how realistic our expectations were. Also, to get accurate modeling, you have to get somebody on the executive team to buy-in and make time. Unfortunately, in the nonprofit sector, executives are often carrying a full load and it’s difficult to get their engagement (which is part of the more in-depth