Security is often treated as something that happens after development — an audit, a penetration test, a compliance checkbox. This episode argues for a different model: security embedded from the first line of code, with threat modelling as a design practice and automated checks in every pipeline step. Our guest leads security engineering at a fintech that ships weekly and has never had a material breach.