Building effective security OKRs

This is an abridged version of my LocoMocoSec 2020 conference talk

How do you set the strategy for a security team? If your goals are vague, people on your team will work on whatever they’re interested in because there’s no clear mission. If you don’t measure impact, your organization will hesitate to give you resources because you won’t be able to show what they get in return.