As more and more organizations move their workloads to the cloud, their infrastructure is immediately exposed to attackers. As recent ransomware attacks demonstrated, attackers use fully automated tooling to quickly hold companies hostage. It is a continuous challenge to prioritize and automate security requirements while measuring the success of security operations. First, I’ll talk about common challenges like “vanity metrics” – metrics that show your engineering team is doing well but doesn’t prove how you helped the business become more secure. I’ll cover how to pull teams together through shared metrics with DORA and SPACE frameworks. Second, I’ll talk about tooling that helps your team ramp up AWS account security quickly by leveraging open source tools like Terraform, Ansible, and dev-sec.io. After this talk, participants will be able to quickly identify security debt and be in a better position to make strategic and informed decisions. This leads to cost reductions by avoiding unplanned work and encourages organizations to achieve operational excellence.