Like many of the OWASP projects, the OWASP DevSecOps Maturity Model provides an excellent framework and roadmap for companies looking to truly apply security in a cloud-native and fast-paced engineering world. However, like all things Dev+Ops related, whatever isn’t automated is much more difficult to practically apply to our systems. This is true from post-mortem learnings to security plans.Open source security tools have also evolved immensely over the years, and there are many excellent, well-maintained, and robust tools that provide very good coverage for many of the layers of the DSOMM model - many of them provided by OWASP. In this talk, we’d like to walk you through the different security requirements in the different stages of the DSOMM framework and do live code demos for each taking a deep dive into how to apply the relevant security control with great open source tools for each requirement.