This document summarizes a workshop on shifting security left in the development process. It discusses evaluating applications and infrastructure for security risks early using techniques like threat modeling. It emphasizes integrating security practices like dependency management, static analysis, and infrastructure as code throughout development. The mantra of "Does this touch the internet? Does it take untrusted input? Does it handle sensitive data?" is presented to help evaluate features for security needs. Automating these practices with tools is encouraged.