Pwning and breaking systems (with permission) can be a creative thrill, and it feels like you're performing a valuable service to the community. That's how I felt 15 years ago when I started as a security consultant, but strangely many people I met at customers didn't agree. Developers, architects and product owners alike viewed my arrival with disdain. But why? In this lightning talk I will share my journey from ethical hacker to agile security fanatic, and why penetration testing should be nowhere near the top of the list of activities you do when building security in.