KEYNOTE 2: Are We Far-Enough to the Left Yet? DevSecOps, Chaos Security, and Not Being Left Behind

Abstract

Many security practitioners are still focusing on ISO 27001, the quarterly pen test, and the once-a-year end-user training, while their own business’ engineering organizations have traveled to another galaxy, and security researchers have spent a year of their lunch money on bug bounties.

In a world where everyone is telling security that we have to keep “moving to the left” to be ahead of adversaries and security research, is there a way to run a security program that really keeps us from being left behind?

This session presents a brief overview of the problems with current approaches to product security, security by design, and SecOps, and offers a case study and template for implementing DevSecOps and Chaos Security Engineering successfully – where the business teams, developers and engineers, and security researchers all work together in an integrated and supportive approach.

LOCATION: TRACK 1

DATE: July 26, 2020

TIME: 10:00 AM - 11:00 AM (GMT +8)

Eddie Schwartz
