Sandy has forgotten more about SDLC, AppSec and software security than most folks will ever know. I was very lucky to get to pick her brain for a few minutes on how this affects the software lifecycle, and discuss her thoughts on how we "shift left" on building secure code.