People talk quite a lot about things like 'shift left" that make it sound as if it is a new concept -- sold at your finer consultancies -- to build things properly in the first place. After two decades of incident response, smoke jumping and Tech Debt burndowns, I think it's time to talk about the way teams can build security not just into the product but into the company culture by examining some basic realities of the product development process. This is not just for tech companies; it's for any firm with a process by which they turn ideas into money. Because for all the SDLC tools, all the configuration platforms, the code scanners, and the security and code testing doodads out there, nothing in my experience works as well as starting with the basics: including security and legal experts as well as the people who manage the internal services that will be your upstream and downstream dependencies at the ideation stage. The amount of weapons-grade stupid, the mountain ranges of tech debt, and the broken business promises that this simple plan can avoid make it hard to believe that it's so rare to find these practices in mainstream companies. In this talk, I will describe the most common side effects of failing to do this, how those side effects manifest into cultural roadblocks, silos, and sadness, and most important: how you can break the cycle, slash through the Gordian knot of despair and missed deadlines, and return to cranking out product like a start up. About the speaker: Nick Selby is the founder of EPSD, Inc., and he has more than 20 years of experience advising organizations in highly targeted industries. Previously, he led professional services at Evertas and served as Interim Executive Director of the Cryptoasset Intelligence Sharing and Analysis Center. His executive roles have also included stints at Trail of Bits and Paxos Trust Company. He managed cyber incident response at TRM Partners and N4Struct, and in 2005 founded the information security practice at 451 Research (now S&P Global Intelligence), where he served as Vice President of Research Operations until 2009. As Director of Cyber Intelligence and Investigations at the NYPD (2018-2020), Selby led cybercrime investigations for America's largest police department. Selby serves on the Board of Directors of the non-profit National Child Protection Task Force and the advisory board of Sightline Security. While retired from law enforcement, he continues to serve as a reserve detective for a Dallas-Fort Worth area police agency, where he investigates crimes against children and the cyber aspects of real-world crimes.