Developers want to do what's right, but will take the path of least resistance to get there. That's why it's essential that we build security into our delivery lifecycle. As shift-left, full stack, microservices, Agile, and CI/CD are now the norm, it's become increasingly difficult to stay current on the skills needed to deliver secure apps. For years, security was someone else's job, but now the responsibility falls increasingly on the delivery team. Properly securing one app can be challenging, let alone applying the same patterns consistently across many teams with varying skillsets, all while keeping up with the speed of change. Everyone wants high-speed business value and secure code. These are not mutually exclusive. We'll cover our approach to solving this problem, with a focus on applying Spring Security and OAuth2 standards. We leverage an open-source model to apply best practices at scale, with the goal of putting security on the easy path for every application developer.