From Startup to Scale: Choosing the Right AppSec Path (god2025)

Security teams often inherit their organisation's structure - for better or worse. The way you design your AppSec programme and choose your team topology can determine whether security becomes a trusted enabler or a frustrating bottleneck. In this story-driven session, we follow Alex, who begins as the only security person in a 50-person startup. At first, Alex builds a centralised AppSec team, finding it effective for control but slow to scale. As the company grows to hundreds of employees, bottlenecks appear, and burnout looms. Alex experiments with embedded security engineers, Security as a Platform, and a Security Champions network, learning the trade-offs of each approach along the way. Licensed to the public under https://creativecommons.org/licenses/by-sa/4.0/ about this event: https://c3voc.de