 And I'm going to jump right into it because this is a lightning talk, and it's going to go by fast. Today, I'm going to talk to you a little bit about why, if you're doing DevOps right, you should be solving for security. And that's where, of course, a lot of these cloud-native security concepts and technologies come into play in terms of being able to deliver those outcomes. Now, we can't have a talk about DevOps without defining DevOps. And we could spend all day or all year on this, because if you ask 10 people what DevOps means, you'll get maybe 20 answers. But if we take a look at the Wikipedia definition, because no one's allowed to argue with Wikipedia, what you'll see is that there's an emphasis on the practices. Yes, there is a tool chain, but it's really about the practices that lead to this outcome. Shorten the system development lifecycle and you get high-quality software. To paraphrase, the goal of DevOps is shipping higher-quality code faster and more frequently, and, of course, to production, where it matters. Now, why does this matter from a security perspective? Which is actually, if you look at the number of common vulnerabilities and exposures that are getting reported every week, you see that over the last 10 or so years, basically since DevOps was born, there's been a 3 to 4x increase in how many of these CVEs are getting reported every week. Part of this is just we have more software. We've been kind of in this explosion and growth of the software industry taking over all kinds of industries. Or, as Mark Andreessen said, software is taking over the world, software is eating the world. That was his quote from about 10 years ago. And what we can see is that that brings along with it a lot of vulnerabilities. More code means more vulnerabilities, and how do we manage all of it? Now, if you kind of deal with that sort of at the end of your software development lifecycle, you get this kind of crazy effect where you're just getting hammered with the amount of code that needs to be scanned and remediated. And it feels a little bit like the scene out of I Love Lucy when they're in the chocolate factory. And they can't keep up. So the conclusion that we have here is that we need some amount of automation. It's essential. When you factor in just the growth in the number of CVEs out there, the growth in the amount of code that's trying to get out into production, and then you take into effect things like containers as sort of one of the staples of DevOps tool chains and how they're very ephemeral. So instead of patching and hardening of VM that we're gonna keep in production for a long time, we wanna throw it away and rebuild it again. So we're gonna need a lot of automation to deal with that. Now, there's kind of looking at this as we can't just automate at the end. We need to sort of cause security to happen in more places. Some people talk about this as shifting left or expanding left. And there's a couple things to consider here. One is just on the design side and how do you educate more developers to be mindful about security practices. But there's also thinking about how do we automate in security points of control along the entire development and deployment life cycle. And that's really where you start to kind of get into some of these cloud native security technologies where you can think about, hey, how do I get code from development into the hands of customers and in front of users? And what are my points of control in that life cycle knowing that we're gonna go around it again and again and again. Now, even the best laid plans, if you develop a system to do this, if it's painful to use, developers are gonna go around it and take the gumdrop path. And that's not because they're bad people, but it's because they're just trying to get their job done. Now, this was actually a really great insight that was shared in the state of DevOps report from last year, which is really about you have to make these platforms a compelling option. And this becomes really important when you design these platforms to help solve all these critical security needs, whether it's scanning or points of remediation and control, you spend all this effort to do that, but then you don't want developers to go around it. So you have to have them in mind as the customer. So how do you make it a developer friendly thing? So this is kind of the formula to think about, the mathematical proof, if you will, that gets you to, when you think about the outcomes you're trying to achieve, the challenges that security brings in, as well as things like the ephemeral nature of containers and behaviors that developers exhibit, you really need to automate this whole platform and life cycle in a developer friendly way. And you probably need to be thinking about that on a constant basis with a team that's really thinking about a developer friendly platform. So at the end of the day, if you're doing DevOps right and you're doing it on an ongoing basis, then you've solved for these security challenges. Now, if this was interesting to you, I have a 43 minute version of this talk that you can find, you can Google, it's pronounced DevOps, the sack is silent because this bright talk URL is probably gonna be possible to memorize. So with that, I wanna say thank you and enjoy the rest of the Cloud Native Security Day.