Learn from a two-year journey of building an application security program from scratch in a small-medium sized company with no prior security infrastructure. Gain valuable insights into successful strategies, pitfalls to avoid, and practical goal-setting techniques. Explore topics such as static analysis, application inventory, champions programs, open source management, threat modeling, metrics, and runtime intelligence. Discover how to prioritize focus areas, implement core security measures, and manage your security portfolio effectively. Benefit from real-world experiences, common-sense perspectives, and actionable advice for starting and improving your own AppSec program.