Scaling Security Controls

Security is not about c s eghty pipeline, because not everything is covered over there. A lot of people may not have the concept of what acing security look like. There's a huge difference between misconfigured resource where we're not enforcing hard, preventative guard rail yet. How long does it take to tell the developer that? Do they get a slack notification right after they make a modification prod write so? Or is it 24 hours later, or months later, when somebody sees it manually, or when they run a tool - maybe next setvay could be on this.