If you are serious about secure software development, you should be eager to establish security requirements engineering as the backbone of you SSDLC. Once you have reached mastery in this discipline, the effects can be felt throughout the whole development process. In this talk Thomas will discuss the fundamental buildings blocks of security requirement engineering based on OWASP SAMM v2 and how to integrate this activity in your established practices. He will also show common pitfalls others have made so that you can avoid them right from the start. No matter where you stand right now, this talk will inspire you to take another step on the maturity ladder towards mastery.