Explore effective strategies for building and implementing Application Security programs in this 33-minute conference talk from AppSecUSA 2018. Gain insights into the challenges of establishing AppSec functions in various organizational environments, from startups to large enterprises. Learn how to navigate the complexities of creating a security culture that goes beyond mere compliance. Discover practical approaches to driving defensive capabilities, empowering teams, and adapting to different tech cultures. Topics covered include interview techniques, avoiding unnecessary upsells, metrics, static analysis, Kaizen principles, and asset management. Benefit from the speaker's extensive experience in Financial Technology organizations and learn valuable lessons for developing robust AppSec programs tailored to your specific organizational needs.