Developer-first security is a cultural transformation that you cannot achieve without building your approach around Gene Kim’s 3 Ways of DevOps: Flow, feedback and learning. This talk defines those concepts using supporting application security examples and visuals that will bring them home to security leaders. The talk identifies the bottleneck preventing most development teams from achieving flow on vulnerability resolution, the ideal place to provide developer feedback and why it’s 100 times more effective than where most folks are providing it today, and the keys to turning every incident and vulnerability into a learning opportunity.