systemd is the system and service manager of most of today's popular Linux distributions. This talk will focus on security features of systemd, that help developers and administrators to lock down system services in powerful ways, in order to build a more secure Operating System. Topics covered are: file system namespace features for services, networking lock-in, seccomp sandboxing, Linux security capabilities, integration with MAC security and many more. The talk will explain how many default services shipped in the various Linux distributions already make use of these security features to minimize impact of services, and how developers, devops engineers and administrators can enable this features easily for their own services, with just a few settings.