The mission of Lyft Security is to empower the company to make informed and automated security decisions. To achieve this, we built Cartography (https://github.com/lyft/cartography) - a tool that consolidates our technical assets and the relationships between them in an intuitive graph database to enable quick exploration, repeatable decisions, and automated workflows. In spring 2019, we released Cartography to the open source community and have been thrilled to receive code contributions and hear about how a wider audience has been using it. This talk highlights how we leverage Cartography at Lyft to improve and scale decision-making. Attendees of this session will be introduced to our platform and shown a broad set of compelling scenarios including reducing security debt, tracking and alerting on infrastructure changes, and enabling teams to see and better understand their security risk. In short, we hope that sharing our approach to these problems with Cartography will help you achieve these same outcomes in your own organizations. What new research or technique is included: - Use graph database to better understand security risks and take automated actions at scale. Takeaways: - Representing technical assets in a graph database helps uncover unexpected permissions relationships. - Cartography’s extensibility has allowed us to build an automated platform to discover and act on changes to our infrastructure. - Specifically, Cartography can be used to reduce security debt, track and alert on infrastructure changes, and allow teams to better understand their security risk.