Think about your ratio of security staff to product engineers. Expecting the (relatively) small staff of security specialists we all have to handle security and compliance entirely on their own is a recipe for disaster. To truly understand the products you secure, and the engineers who work on those products, you have to play in their sandbox, integrate into their existing processes, remove overhead wherever possible, and speak their language…your security team needs to operate as a service. Automate processes wherever possible to help capture the necessary data to ensure good security is happening – and constantly evolve and improve the quality of that information to ensure it is driving expected behavior. In this talk you’ll learn from Julia how Adobe was able to make this work in relatively short order and how you can take all of the best practices learned and developed back to your organization and create your own “culture of security.”