Cybersecurity isn't a one-time activity but a continuous effort that demands integration into every aspect of system design, build, and deployment. In a landscape rife with complexities and evolving threats, manual approaches are unsustainable. Instead, a programmatic approach, embedding security into the fabric of operations, is imperative. This blog explores the necessity of incorporating security from the outset and highlights insights from industry leaders Bikash Barai and Dave Lawy on the proactive integration of security into organizational processes.



Here is the verbatim discussion:

ree it's a matter of how you design, build and deploy your systems, and it can't be a one-time activity. It's too much effort, it's, it's too much to manage, maintain, sustain that in a, um, in a way that's very manual, so it has to be programmatic. And that's where, from the build process, the design process, build process, sustaining process, today we have DevSecOps, we have other buzz terms that are out there, but ultimately, uh, security has to be built into your design, security has to be, uh, running all the time and not put on afterwards. We often hear this: it's, it's put in after the fact. It has to be part of the process, baked into the process, to be, to be part of your sustaining, uh, systems. And that complexity to manage, be it hundreds of processes, services, other things that even a small business today has where before they did not, you need to

under his name, a Fortune Magazine 40 under 40. Bikash is well known on the global speaking circuit on cyber security matters, appearing at RSA Conference USA, Singapore, Interop USA, TEDx, just to name a few. Dave Lawy is a senior technology executive and co-founder of Quantum Smart. He is a seasoned tech leader with over 20 years of experience in highly regulated environments such as insurance, banking, pharmaceuticals, retail and payments. He's also a member of the Gartner Research Board and an advisor to

sure, so I love technology and problem, problem, I mean solving the core problem, but of course, like, standards is something which we need to continuously work with and also work on, and also been part of developing some of those frameworks, etc. So, um, if you look at the regulators now, there had been a time when the regulators used to come and ask you, like, show this, they used to look at the policy and they used to look at some artifacts and leave. Now regulators are increasingly looking for, like, is this a program, or is it like you are just cooking up the data to show us? Like very early days of PCI and BS 7799, etc., if you all remember, just before the audit people used to go and get all these printouts and create all these artifacts and show, like, yes, we have something. I'm talking about very early days, right? But now the regulators are much more mature and they just don't stop there. They would like to see the program. Do you have, it's not like you went to gym once, do you



Programmatic Security: Effective cybersecurity cannot be retrofitted; it must be ingrained from the inception of systems. From the design phase to sustaining processes, security protocols need to be seamlessly integrated, transcending buzz terms like DevSecOps, to ensure continuous protection.

Complexity Management: The modern business landscape is characterized by a myriad of processes and services, even for small enterprises. Managing this complexity requires a strategic approach, where security frameworks are diligently applied to streamline operations and mitigate risks.

Industry Expertise: Leaders like Bikash, renowned for their global contributions to cybersecurity discourse, emphasize the importance of proactive security measures. By advocating for the incorporation of security into the design and build phases, they underscore its intrinsic role in sustaining business resilience.

Regulatory Compliance: Regulatory bodies are increasingly scrutinizing cybersecurity programs, moving beyond surface-level assessments to evaluate the efficacy of security measures. This necessitates a shift towards comprehensive security programs, rather than ad-hoc compliance efforts.

Continuous Improvement: In an ever-evolving threat landscape, adherence to standards and frameworks is paramount. Industry leaders, like Dave Lawy, advocate for ongoing refinement of security protocols, ensuring alignment with emerging threats and regulatory requirements.


Integrating security into every phase of system development and deployment is no longer a luxury but a necessity in today's digital landscape. By adopting a programmatic approach, organizations can effectively manage complexities and sustain robust cybersecurity postures. Industry insights from thought leaders like Bikash and Dave Lawy underscore the importance of proactive security measures and continuous improvement to navigate evolving threats and regulatory demands. Embracing this ethos of security-by-design is paramount in building cyber resilience and safeguarding against emerging risks.



Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc. Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.



Ms. Nasheen Liu’s strong reputation in the technology community is built upon her proven track record as a leader who practices what she preaches. Results-driven, focused, determined and creative, Ms. Liu approaches business management with integrity, sound common-sense principles and unconventional strategy. Ms. Liu’s expertise in technology marketing, C-suite conversations and executive branding in the digital age makes her a well-rounded knowledge expert, a skilled listener and an excellent communicator.


Dave Lawy, based in Toronto, ON, CA, is currently a Managing Director at Quantum Smart Technologies, bringing experience from previous roles at Harvard Business Review and Gartner Research Board. Dave Lawy holds a McGill University.



Pritha Aash, managing parts of content strategy and marketing in a startup called FireCompass. The team has built things first time in the world and I'm overexcited to be part of it. I decided to share some of it and more. I'm an Information Technology Engineer. Prior to that I did my schooling from Sri Aurobindo, Loreto House, Loreto Convent Entally, Kolkata. I like to volunteer in interest groups, communities to help the world we live in be a better place. Currently volunteer at WWF, Khan Academy, SaveTrees.




CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.
