Explore a comprehensive conference talk on developing effective key performance indicators (KPIs) for security programs. Learn practical steps to create meaningful metrics that can be communicated to leadership, facilitating better organizational risk management. Discover how to intelligently choose cybersecurity standards as a foundation for defense, select appropriate tools for audits and risk communication, and identify community-defined metrics for measuring risk posture. Gain insights into laying a strong foundation for security program management, understanding popular security control standards, and implementing Six Sigma principles in conjunction with CIS Controls. Delve into the process of defining controls, measures, and metrics, and see how automation can lead to improved reporting. Examine the future of information security and learn how to operationalize security program metrics effectively.