This document summarizes a talk about lessons learned embracing DevOps and security. It discusses how security practices need to change in a DevOps world where changes happen much faster. Specifically, it argues that security must bake into the development process and provide visibility and feedback. It provides examples of using bug bounty programs and penetration testing to obtain better and more real-time feedback on security issues. The goal is to surface security data for everyone and help catch attacks more quickly through modern feedback loops that combine different testing approaches.