Digital transformation involves removing the barriers to delivering value to customers. The mechanisms of digital transformation: DevOps, microservices architecture and others, simplify and speed delivery but complicate aspects of security–particularly vulnerability discovery. Yet, as firms release more and more microservices to production, and do so more frequently, the need to understand changes to the attack surface increases. Using data from recent surveys, ZeroNorth CTO John Steven will illustrate how, by doing well-known security activities differently and by doing fundamentally different activities, security is able to align with the modern development architectures and cultures. Specifically, we’ll address questions like: What’s the place of OSS in vulnerability discovery? What does a secure SDL and CI/CD pipeline look like? What do governance gates look like in a continuous world?