After spending the last 1 or 2 years getting your DevOps process right, here it comes the new security guy: "We need to move to DevSecOps". This talk wants to share my personal experience, challenges, and successes as DevSecOps Architect in implementing DevSecOps in different DevOps processes. The talk starts with the main question: "where do we start?" to then moves to topics like IaC security, policy as code, SAST, SCA, SBOM, Security Champions, CI/CD security, supply chain security, logging and monitoring and DevSecOps maturity. Don't look at it as a list, but as a mix of connected resources that will increase automation and reduce manual bottlenecks. At the end of the talk, attendees should already be able to picture their DevSecOps journey ahead. DISCLAIMER: if you are hoping to completely "remove" the security guy from the picture, this is not the goal of this talk.