Explore a provocative approach to application security in this Black Hat conference talk. Challenge conventional wisdom as the speakers advocate for a tactical, results-driven security program. Learn how to establish a lightweight yet effective team capable of conducting numerous assessments, handling bugs efficiently, and implementing a private bug bounty program within a year. Gain actionable advice for program managers and discover strategies for workers to drive change from within organizations. Examine the pros and cons of public bug bounty programs and understand why the speakers advise against them. Delve into topics such as operational excellence, application assessments, incident response, and effective communication strategies. Discover real-world case studies, practical examples, and key takeaways to improve your organization's security posture through a tactical, agile approach.