Everyone knows that security is something that 'should be' included, but far to often, isn't. Why not? Is security simply the new buzzword? In this talk we will cover why security fails and how to recognize when you're company is struggling to get security included. We'll go through what a developer, tester or manager can do to get this vital topic included from requirements to testing. Using simple practical things, any organization of any size can move forward in their security work, it's simply a matter of knowing where to start.