How do you scale security across many engineering teams when you have no direct authority over them?

You scale through leverage, not headcount. Tactics: build paved roads and guardrails so secure defaults arrive without your involvement; run threat-modeling-as-a-service (lightweight, templated, on-demand) so teams self-serve; stand up a security champions network as your local proxies; codify expectations as security requirements / ASVS baselines tied to risk tiers; and use influence levers — executive air cover, shared OKRs, public dashboards, and making the secure choice the path of least resistance. Measure adoption and risk reduction so you can invest where it matters. The mindset shift from junior→staff is from finding bugs to changing the system that produces them.