This presentation walks through the patterns of successfully starting of a DevSecOps program from scratch. It focuses on the strategies to be successful and the lessons learned along the way. Lastly, this talk concludes how the recent EO of SBOM shapes the next steps of DevSecOps maturity.