Automation can be used to define and apply security policies throughout the lifecycle of an application. Early steps have focused on automating security scans in the CI pipeline. Setting up the scanners takes minutes; the paradigm shift is the hard part. This session will share barriers that many have encountered along with six steps to start using security-as-code to accelerate DevSecOps.