Most SaaS service providers have adopted a microservices-based architecture with an API-first approach. Engineering and product leaders mandate that teams innovate at a rapid pace to keep up with hypergrowth. To keep up, development teams have embraced Agile methodology for product development and have adopted DevOps and DevSecOps practices. DevSecOps seeks to shift security left in the development cycle and, in this presentation, we will talk about practical approaches for making DevSecOps successful. We will discuss all the security and compliance controls that need to exist in a typical CI/CD environment both from a process and tooling perspective. Our talk will address these challenges both from engineering and security perspectives.