We can barely make it through an AppSec talk or article without hearing about the wonders of “shift left” and how it is the key to solving all of our security problems. Every intro to AppSec talk starts with the cost savings and return on investment associated with discovering security defects earlier in the SDLC and most of us have designed our AppSec program around these concepts. What would you say if I told you there was a better way and that we have been shifting left wrong? In this talk, we will introduce the concept of the inner and outer loop as the next evolution of shift left. Join us to explore a new model for shifting left using inner-loop concepts and learn how to better enable our developers to build products that are secure by design.