How do you talk security to leadership? How do you convince leadership to dedicate resources to fix issues found by your security capabilities? Do you have an answer when your CEO or CTO asks you what risks exist in a particular Business Unit or Product within the company?
Over the past year, we have been working on ways to create meaningful metrics at scale within Twilio and use them to drive change. In this presentation we will talk about motivations, challenges and how we built automated near - real time metrics that helped us use a data driven approach to working with engineering teams to move the needle forward on Twilio's security posture.