Many teams know it's time to start getting serious about security, but don't know where to start. In this talk, I'll try to tell you as much as possible in 30 minutes about what you do need to worry about, when you need to worry about it, how you can fix it, and what you don't need to worry about — yet.

We'll go over application security, infrastructure security, detection and response, and all the random IT cruft that you've started using and forgotten about already. You'll get a balance of "how to think about security" and "do these specific things first", along with some of the pitfalls teams run into. We'll also cover the choices you can make about both your technology and how you manage your teams that can make the systems you build more security and more resilient.