We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about the three things he learned through his "Epic Failure": -- Demonstrate value at the buy-in -- Get early feedback -- Automate as much as possible During our discussion, we talk at length about the role of security and how to begin implementing automation at the earliest stages of the development process. About Edwin Kwan Edwin Kwan is the Application and Software Security Team Lead for a bank. His approach toward application and software security is to raise security awareness, provide light touch controls to the software development life cycle to increase visibility of security issues and work closely with engineering teams to quickly develop secure applications. Edwin started out as a software engineer and transitioned into the application security role to lead a range of security initiatives when the company was working towards obtaining an unrestricted banking licence. As a Software Engineer, he has over a decade of experience developing large scale; real-time; high performance; high reliability software applications for major telecommunication vendors. He is also experienced in working with stakeholders from small to large organisations to design and develop innovation solutions to help manage and grow their business.