Conclusion: This research note sets out and describes the Security Leadership capability maturity model. In using this model, organisations must be honest about their current level before they can even speculate on the benefits of working towards a higher maturity level. Working towards higher levels of maturity has clear benefits for both IT and the business, as well as business alignment of IT. However, a critical part of the journey will be dealing with any resentment from business units about their experience to date. Security Leadership cannot emerge unless prior bad experiences around service delivery are acknowledged and addressed, because it is a commitment to trust and resilience from the organisation as a team.