In this workshop we will build from scratch or add onto your existing application security program / secure system development life cycle (SSDLC). This workshop will consist of lecture, discussion, and written assignments, and you will walk away with an extensive plan for your new security program. Topics covered: all types of application security activities and tools, policies, standards and guidelines (with several samples to get you started), how to scale your security program and team, developer advocacy and education, and important metrics to gather and how. Time-permitting we will also cover incident response and prevention.