Security pros love quoting Sun Tzu, but war-based metaphors fail with dev teams because, HONEY BADGER. Instead, security teams must understand how dev teams work. Accordingly, security managers should immerse themselves in the Dalai Lama's lessons. Understanding how developers manage themselves, tools they use and their rewards is crucial to building an effective application security program.