Matt Tesauro discusses moving application security (AppSec) beyond traditional security testing towards event-based security using continuous integration/continuous delivery (CI/CD) pipelines and automation. Key points include: - Implementing AppSec pipelines that automate security tasks using tools like Docker to increase efficiency and consistency while reducing friction between AppSec and development teams. - Treating individual security findings as tests that are run continuously via tools like Jenkins to quickly determine when issues are fixed. - With increased automation and efficiency, one company increased the number of application assessments from 44 in 2014 to over 400 in 2016 while reducing AppSec staffing levels.