This was a talk at OWASP SAMM User Day 2020. Thomas talks about his experiences applying OWASP SAMM at different companies and discusses typical pitfalls to avoid when implementing security activities in the software development life-cycle. Thomas discusses how to use your security requirements as the backbone of secure software development and why enabling security champions is a great starting point to kickstart your SSDLC. More details on