
Curtis Dukes
Executive Vice President and General Manager of Security Best Practices at CIS
Software security must begin long before code is written, reshaping how developers think about risk, resilience and responsibility.
As the connected world expands at unprecedented speed, every new feature or integration creates fresh opportunities for attackers. Relying on patching and incident response is no longer enough. To keep pace with modern threats, security must be engineered into software from the start.
A shift toward intentional security
‘Secure by design’ represents a fundamental shift in how software is created. Instead of treating security as a checklist, it encourages developers to consider how systems will be used and misused in real-world conditions. This means anticipating failure modes, understanding adversary behaviour and designing systems that remain resilient even when individual components fail.
This shift also requires cultural change. Security teams, developers and product owners must collaborate early so decisions reflect both technical realities and user needs. When security becomes a shared responsibility, organisations make more deliberate, risk-aware design choices that strengthen long-term resilience.
Embedding security into everyday engineering
Developers play a central role in this transformation. Secure design begins with foundational architectural decisions: identifying what needs protection, defining trust boundaries and modelling potential threats. These choices shape everything that follows, from coding practices to deployment pipelines.
Secure development reinforces this foundation. Automated testing, strong secret management and continuous validation reduce vulnerabilities and make security a natural part of building software. Because today’s applications rely heavily on third-party libraries, open‑source components and cloud services, treating supply chain security as a core engineering responsibility is essential. Visibility, verification and ongoing monitoring help ensure external components meet the same standards expected of internal code.
Learning and improving continuously
Even with strong design and development practices, opportunities for improvement will always emerge. When teams respond with transparency, timely action and thoughtful root‑cause analysis, they strengthen resilience and improve tools, processes and training. Secure by design is ultimately a commitment to building software that thrives in the realities of a connected world. By embracing intentional design, disciplined development and continuous learning, developers can create systems that are high-performing, resilient and fundamentally trustworthy.