Not conforming to the traditional SDLC model, Agile sounds like a security nightmare. We opened the books, checked the Internet, spoke to peers. Information was scarce. We had to start from scratch and learn as we go. After a long journey, we have successfully added security coverage to more than 20 SCRUMs and dozens of SaaS components. We share our experiences, challenges and practical tips.