Trade-off decisions are the hallmark responsibility of upper management. This is as true for Security leaders as it is for business leaders, who must form and execute strategy, and for engineering leaders, who must select technologies and focus development efforts. The most effective way for Security leaders to communicate with their peers in other departments is to couch their decisions as rational trade-offs made between measured options. In this session, we discuss two useful frameworks for measuring security efforts. “Reachability” is a relatively straightforward way to measure the likelihood that a vulnerability can be exploited by a malicious actor. “Risk” layers in additional factors to get to a financial understanding of threats. Together, they are the new language for Security leaders.