With the rise of DevSecOps, "Shifting Left" has become an industry buzzword. To some, it has been interpreted as 'let the developers figure it out." For a lot of people on the left side of the software development lifecycle, such as developers and platform engineers, this can seem like an oncoming avalanche of standards, 40+ page PDFs, and requirements that come from teams who never talk to an end customer.

But what if we shift all the way left? All the way to before the developers write a single line of code? What if we start building security into our projects while they are still just drawings on a whiteboard? It turns out that a few extra hours and some very inexpensive whiteboard ink, applied early on, can improve security, encourage better cross-team collaboration, and make for a smoother overall build and deployment process.

This session is for any developer who is frustrated with failing tests late in the dev process. This session is also for security teams who feel isolated and who end up in adversarial positions. This is for any team members that hate the current devs vs security mentality that is present inside so many organizations. Let's learn to work together earlier and with better, more secure code as a result.

In this session, we will walk through:
- The issue with security and most teams' SDLC
- What sharing security responsibility was supposed to solve
- A developer's overview of threat modeling
- You want to use what data? How to deal with compliance early
- Establishing an ongoing communication plan