ICP 1: Engineering Leader - SDLC Maturity Assessment

Thank you for taking the time to complete this assessment. Your insights will help us understand the SDLC maturity challenges engineering leaders face across security, privacy, and operational resilience, and how unified platform approaches can address them.

This assessment takes approximately 12–18 minutes. All responses are confidential.

Your Contact Details

Name *

Please enter your name

Email Address *

Please enter a valid email address

Position / Title

Organisation

Section A: Your Organisation

1.What best describes your role? *

Head of Engineering
Chief Technology Officer (CTO)
VP Software Development
Application Security (AppSec) Lead
Other:

Please select your role

2.How large is your engineering organisation? *

Please select your team size

3.What industry sector does your organisation operate in?

4.How many concurrent development projects does your team typically manage?

Section B: Current SDLC Challenges

5.Where in your SDLC are security or compliance issues most commonly discovered? *

During design and architecture review
During development and code review
During testing and QA
During UAT or pre-release
In production (post-release)
During external audits

Please select when issues are typically discovered

6.Rate the severity of each challenge in your engineering organisation:

1 = Not a Problem, 2 = Minor, 3 = Moderate, 4 = Significant, 5 = Critical

Challenge	1	2	3	4	5
Immature SDLC processes — inconsistent security practices across teams
Late-stage security fixes — 'bolted on' after development causing delays
Privacy compliance gaps — GDPR Article 25, data minimisation failures
Resiliency failures — lack of fault tolerance, inadequate disaster recovery
Developer friction — tools too complex or disconnected from workflow
Lack of visibility — no quantifiable SDLC maturity metrics for leadership

7.What is the single biggest risk you currently face in your engineering organisation?

Security breach damaging reputation and revenue
Privacy violation and regulatory fines (GDPR up to €20M)
Availability failure causing customer attrition and revenue loss
Unpredictable release delays from late-stage security or privacy issues
Team burnout from firefighting instead of innovation
Audit failure due to inability to demonstrate SDLC maturity

Section C: Current Tooling & Approach

8.How would you describe your current approach to SDLC security?

Ad hoc — security handled on a case-by-case basis
Point tools — SAST, DAST, or dependency scanning in CI/CD
DevSecOps platform — integrated pipeline security
Manual security reviews — specialist team gate before release
Mixed — combination of tools and manual processes

9.How do your teams currently handle privacy by design (GDPR Article 25)?

Not systematically addressed
Legal/DPO review late in cycle
Manual checklists or guidelines
Embedded in development process with automated tooling

10.When are resilience and fault tolerance patterns typically considered in your architecture?

Not systematically considered
After incidents reveal gaps
Late-stage review before deployment
During architecture and design phase
Continuously throughout SDLC with testing and validation

11.How do you currently demonstrate SDLC maturity to your board or executive stakeholders?

We cannot quantify it currently
Manual reports and spreadsheets
Metrics from individual security tools (fragmented)
Unified dashboard with continuous scoring

Section D: Platform Capabilities

12.Rate how valuable each capability would be for your engineering organisation:

1 = Not Valuable, 2 = Slightly, 3 = Moderately, 4 = Very, 5 = Essential

Capability	1	2	3	4	5
Shift-left security — embedded from planning through deployment
Privacy by design — automated DPIAs, data minimisation from architecture
Resilience by design — fault tolerance and degradation from architecture
Continuous maturity scoring across all dimensions for board reporting
Developer autonomous guidance — no dependency on specialist teams
Unified dashboard — single-pane visibility across security, privacy, resilience

13.How would you react to a 91% reduction in threat modelling time with developer teams working autonomously?

Game-changer — would significantly improve our release velocity
Impressive — would want to validate with our own data
Sceptical — would need to see the methodology and references
Not directly relevant to our primary challenges

14.How important is it that a platform covers all three pillars (security, privacy, resilience) versus just security?

Essential — we need unified coverage across all three
Very valuable — reduces tool sprawl and integration complexity
Nice to have — security is the priority, others are secondary
Not needed — we handle privacy and resilience separately

Section E: Compliance & Regulatory

15.Which compliance frameworks does your organisation manage?

Select all that apply

ISO 27001
SOC 2
NIST CSF
PCI DSS
GDPR
DORA
NIS2
Other:

16.What percentage of your compliance work is reactive (responding to findings) versus proactive?

Mostly reactive (70%+ responding to findings)
More reactive than proactive (50–70%)
Roughly balanced
More proactive than reactive
Mostly proactive with embedded compliance

Section F: Solution Fit

17.Based on what you know about Trusted Path, rate your agreement with each statement:

1 = Strongly Disagree, 2 = Disagree, 3 = Neutral, 4 = Agree, 5 = Strongly Agree

Statement	1	2	3	4	5
This addresses the SDLC maturity challenges in my organisation
The efficiency metrics (91% faster threat modelling, £140K savings) are credible
A unified platform for security, privacy, and resilience is valuable for my teams
Builder-thinking (embedding from design) resonates vs. attacker-mindset tools
I would be willing to pilot a 30-day maturity baseline on 1–2 projects
I would recommend this internally if it delivers proven value

18.What concerns would you have about adopting a new platform across your engineering organisation?

19.What would be the ideal next step for you?

30-day comprehensive maturity baseline
Demo/workshop showing maturity scoring
Co-create ROI justification with cost savings
Technical architecture and integration review
Stakeholder alignment session
Not interested at this time

20.Is there anything else you'd like to share about your SDLC challenges or what you look for in platform solutions?

Thank you for completing this assessment.

Your insights will help us deliver solutions that give engineering leaders the control, predictability, and measurable improvement they need.