Security practitioners advocate ideals through clichés and analogies to help others understand complex problems. One prominent analogy espouses baking security into a solution instead of bolting security on at the end. This seems like an obvious analogy – a baker certainly can’t add flour to a cake after it’s in the oven. In business reality, time-to-market beats security every day of the week. How can an architect bake security into solutions when the extra time could result in a failed venture? This talk explores the realities of blending security into the design and implementation of solutions, with the goal of realizing that better is not the enemy of perfect. Some implementations bolt on security beautifully; other design patterns prove impossible to correct. Look forward to a meme-filled tour of architectures, design patterns, and lessons learned that will help security practitioners and business people identify whether they’re cooking soup or baking cakes (…if that sounds like a mixed metaphor, don’t be late for supper).