Talk to executives in IT divisions of large enterprises about security and invariably the conversation will hover around DevSecOps pipeline. Is DevSecOps the only thing you need to do for security in your IT division or is there more? What impact does bringing in secure culture in an engineering context mean? What handshake is needed between the IT function and the security / risk function for large enterprises? How does this impact roles and responsibilities of a developer? This talk is an attempt to answer questions such as these using a real world examples of transformations seen in Fortune 100 companies.