Read about security testing and discuss where it best fits in an SDLC
Here are some of the sources that supported my learning about security testing.
Very good introduction in the first 3 min:
I met Simon at TestBash Manchester and had a nice chat. Unfortunately, I could not attend his ZAP introduction course, but software development definitely needs more people like Simon.
If you are still not convinced by this 30 days of security challenge and think it is too complicated, then read this article. I especially liked the arguments about whether or not you should start security testing in your company, and the link to The Big List of Naughty Strings.