THE MATRIX
A comprehensive ground-up sequence of 24 controls spread over 6 levels. Provides a practical model for SMBs to build security controls in logical order.
24 Controls | 6 Levels | 4 Per Level
PROGRESSION
Each level builds on the previous. Complete Level 1 before Level 2. No skipping. No shortcuts.
📖 CHAPTER 12
LEVEL 6 RESILIENT: C21 Purple Team | C22 Threat Intel | C23 Zero Trust | C24 Automation
LEVEL 5 SECURED: C17 Red Team | C18 App Security | C19 Data Security | C20 Cloud Security
LEVEL 4 PROTECTED: C13 SIEM/SOAR | C14 Pen Testing | C15 DLP | C16 PAM
LEVEL 3 HARDENED: C9 Network Seg | C10 Log Mgmt | C11 Vuln Scan | C12 Security Mail
LEVEL 2 FUNDAMENTALS: C5 MFA | C6 Backup | C7 Awareness | C8 Incident Resp
LEVEL 1 FOUNDATION: C1 Asset Inventory | C2 Patch Mgmt | C3 Endpoint Prot | C4 Firewall
6 MATURITY LEVELS
6 RESILIENT: Adaptive & self-healing
5 SECURED: Advanced protection
4 PROTECTED: Active monitoring
3 HARDENED: Strengthened defenses
2 FUNDAMENTALS: Core capabilities
1 FOUNDATION: Basic hygiene
💡 KEY INSIGHT
Avoid erratic investments. Know exactly which control to implement next based on your current level. Build systematically, not randomly.