In today's digital landscape, application security is crucial for safeguarding sensitive data and maintaining user trust. Without a robust AppSec program, or with one poorly implemented, chaos can ensue, leading to vulnerabilities and breaches. This talk explores our journey of establishing an AppSec program from the ground up. We will share the valuable lessons we learned along the way, detailing the obstacles we overcame and the cultural challenges we faced. Join us as we present real-world examples and best practices, offering practical guidance to help you navigate similar challenges and build a resilient AppSec program.