REI embarked on a digital transformation and cloud migration to move its development environments to AWS, but soon realized that application security was not keeping pace with the transition. To address this, REI established an AppSec program under the leadership of Dan Ngo, Lead Security Engineer at Cybersecurity Engineering and Risk Management. The team sought to build a strong security culture across development units by adopting the right security tooling and making cultural shifts. They chose Snyk as their security tooling partner, which helped them integrate with REI's existing tooling and AWS cloud environment. By continuing to grow, embracing feedback, and identifying and assigning ownership of fixes, Dan's team fostered a collaborative relationship with development teams, leading to successful application security initiatives and a robust process for vulnerability management.