If I'm a non-security-focused developer who realizes that I have a security requirement for my code, what's the best way to find defenses I might leverage?

@adamshostack I would suggest to check your dev environment first and esp. the frameworks, libraries and tools you use. They may come with security controls that you can leverage incl. docs with usage examples and references to OWASP resources for further research if needed.