Integrating DevOps and Open Source tooling inside an Insurance Company as Manulife is, obviously, a challenge. Actually this challenge is not only technological, links with legacy apps, but also a cultural shift to a new security and risk era. In our journey to DevOps, people were surprised by how we have been close to security and risk teams. Most of people try to avoid them and they expected from us the same. Behind their expectation what also the same old questions ‘But open source and security are not contradictory?’ and ‘If you would like to move faster, how could you do that with security restrictions?’. During this presentation we will go through our technology stacks included Kubernetes, Docker, Microservices… and see how has been our approach to integrate security strategy in our open source platform. Our Gaps & Successes…