KPIs as code: How CMD Solutions built tools for continuous controls assurance

The magic ingredient is Steampipe's ability to define information security performance metrics as SQL statements.