This document summarizes a presentation about overcoming confirmation bias in security. The presentation discusses how security professionals often rely on metrics that don't provide useful information for managing risk. It advocates developing quantitative risk scores linked to business goals to make better risk management decisions. The presentation also warns against signs of confirmation bias, such as looking only at past security events rather than at the probability of vulnerabilities, and provides tips for creating effective security metrics.