HIPAA being the business driver, Application Security (AppSec) had to be build into the existing DevOps of an acquired company.
The existing Application Security (AppSec) Program was too disjointed, which resulted in an unclear picture of the security posture of the application portfolio. Plus, the program was too expensive.