“Shift left” can live up to what it is intended to be only when developers truly build their security lifecycle into their workflows. As security professionals, we need to help them do so.