Explore how the Argo project transitioned from being security-aware to adopting a security-first approach in this 34-minute conference talk by Henrik Blixt and Michael Crenshaw from Intuit. Gain insights into the journey of an incubating CNCF project as it navigates the challenges of enhancing its security posture. Learn about the implementation of project processes for handling reported vulnerabilities, collaboration with external security companies, and the support received from the CNCF. Discover engineering best practices, including concrete implementations of SBOMs and fuzzing. Benefit from valuable information applicable to incubating or sandbox projects aiming to improve their security stance, as well as insights relevant to any software project or product. Delve into topics such as the Argo Project background, formation of Argo SIG Security, formalizing documentation processes, and leveraging CNCF and community project resources.
How the Argo Project Transitioned From Security Aware to Security First