Explore a comprehensive strategy for implementing effective security measures in small to medium-sized development teams through this insightful conference talk by Eleanor Saitta. Gain valuable insights on how to approach security as a collective responsibility, develop a unified strategy, and coordinate efforts across the organization. Learn why starting with technical work is important, but not sufficient, and discover how to teach teams to view security as a whole-systems outcome. Delve into topics such as risk assessment, cost considerations, security compliance, staffing, and when to engage consultants. Understand the relationship between security and other organizational aspects, and acquire practical tools to enhance your team's security posture. Whether you're an engineering director, a startup's first security hire, or a consultant, this talk provides essential guidance on building a robust security framework for your development team.