Security was always a big black box for most software professionals. It often was handed over to your security teams and the CISO to deal with it and developers were done. But with the rise of DevOps (and DevSecOps thereafter), security has shifted left. Developers are taking more responsibility for the applications they build. Guides, tools and open source libraries have to be developed securely. From customers' perspectives, security has evolved, as well. It’s no longer a black box, but a box everyone wants to open. Security and privacy doesn’t just run in the background anymore, it’s required as a customer-facing interface. Customers are asking for more visibility into the security of applications they buy; asking about security policies, compliance requirements and custom configurations, making it impossible to maintain. Not feasible, not scalable. How are customers experiencing security, what do they expect and how can those expectations be met and supported? In this session, we will learn about the evolution of security from backend infrastructure to a customer-facing product feature set. We will look closer into how companies can design products that are “customer-scalable” from the get-go, in an era that is reshaping security into a self-service experience.