Security is being out-gunned by cloud native development. To improve, leaders must measure their capabilities. What is our coverage? How efficiently are we burning down risk? At what rate are we creating new risk? And what is the time to live of these risks? This talk will demonstrate how to apply basic predictive analytics to answer these questions for cloud native development security risks.