Software Security OKRs and KPIs

How do we measure and prove the worth of our software security program? What OKRs and KPIs are effective in communicating success? What different audiences do we need to reach (engineering, senior leaders, the rest of security) and what should we share with each?

This is not a presentation, but rather a topic-focused discussion where we'll address these questions and more. Come and bring your opinions, or just listen and learn. It's always a great chat with great people!