The majority of information that exists about software security either focuses on technical means to build secure applications, or strategies to put controls in a software development process. There is a dearth of information regarding how managers should push secure initiatives forward, convincing executives that software security is critical to trusted business operations. This presentation focuses on how security officers or development leaders can apply a disciplined approach to building internal consensus to build secure software. A five-step process will be laid out that will enable a manager to characterize the landscape, secure management buy-in, baseline the existing risks, set modest goals and attempt to achieve them, and sustain the initiative. Emphasis will be on actionable steps that successful managers have used to drive the adoption of secure software strategies in large organizations.