This session will provide a practical guide for building effective application security at startups, focusing on aligning security culture with startup agility while managing risks. Key topics include avoiding overwhelming prescriptive approaches, applying security throughout the product lifecycle, and practical strategies for founders, engineers, and new security hires.