Security professionals are trained skeptics. They poke and prod at other people's digital creations, expecting them to fail in unexpected ways. Shouldn't that same skeptical power be turned inward? Shouldn't practitioners ask: "How do I know that my enterprise security capabilities work? Are they scaling, accelerating, or slowing as the business exposes more value to more people and through more channels at higher velocities?" This is the start of the modern measurement mindset-the mindset that seeks to confront security with data.