In 2017, hackers took three days to identify and exploit a new vulnerability in Equifax’s web applications. In the post-Equifax world, moving new business requirements (e.g., a non-vulnerable version of Struts2) into production in under three days might just be the new normal for your CI/CD pipeline. Join this session to better understand how DevSecOps teams are applying lessons from W. Edwards Deming (circa 1982), Eli Goldratt (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks. It starts with emphasizing the performance of the entire system and never passing known defects downstream.