The topic of DevSecOps is starting to percolate in the technology world’s brew. There are presentations, manifestos, blogs, and conference sessions all dedicated to the practice. As humble practitioners of the DevSecOps craft, this talk will focus on the Starbucks efforts to securely develop, deploy, and support a unified commerce platform for one of the world’s largest merchants. We will review Starbucks approach to security by design and provide examples of how we use infrastructure as code to configure security policies, perform continuous audits, embrace containerization, and inject security checks into our CI/CD pipeline.