Shifting Left and Right – Rickard Carlsson, Detectify

October 31, 2022

The shift left movement is nothing new. DevSecOps teams have been conducting security tests earlier in the development process for years – but have headlines of successful attacks slowed down? The problem is this: the notion of shifting left depends on a standard linear development process. In reality, development is anything but linear. Effective DevSecOps requires testing in both staging and production environments, particularly with attackers increasingly targeting unknown, forgotten, and neglected assets. There are advantages to implementing both a shift left and a shift right approach. Testing in development is important, but it isn't a silver bullet, and it's also critical to test in production. Shifting everything left, and acting as if that fixes everything, is a mistake.
