Security Metrics that Count

Twilio's security team has developed a set of metrics to quantify their security capabilities and demonstrate the value they bring to the company. These metrics are designed to help different audience groups within the organization, including executive-level leadership, VPs, product managers, and engineering managers. The metrics cover both the security health of the organization and the maturity of the security program. To generate these metrics, Twilio uses data from Jira, their issue management system, and automates the process using Python and Google Data Studio. By reimagining their security metrics, Twilio has seen teams actively take ownership of open vulnerabilities and fix them once they have seen the reports.