In Financial industry, there is less importance given to Application Security, and more on compliance issues, until a Bank was hacked recently in Pakistan.

After that hack, all the Security Personnel, Information Security Assessment Companies were choked with their limited resources.

We decided, there couldn't be a better opportunity to Implement, and then market DevSecOps in our company, and in outer market.

We implemented the fundamentals of Application Security, starting from

- basics of Application Security Scanning (SAST / DAST)
- moved up to systems hardening
- then ultimately taken PA-DSS audits head on

We then started implementation of Automation every manual work we did in our Security efforts and we were quite successful.

Once we did that, we started marketing the things we automated in our technology community.

This talk would be that story.