“Whose responsibility is security?” This question dominated the conversation at DTX London 2025’s Agile stage. I was a panellist discussing this topic at DTX this week. The unanimous answer: security is everyone’s responsibility—not just the CISO’s or the security team’s.

Speed vs. Security
As development cycles shrink to days or hours, security vulnerabilities are becoming buried in complex CI/CD pipelines. The solution? Shift-left security—integrate security from day one, catching issues when they’re small and manageable, not when they’re critical production vulnerabilities.

The Holistic Approach
Our panel emphasised that technology alone isn’t enough. Effective security requires three pillars:
- Technology – Tools to detect and prevent threats
- People – A security-conscious culture across all roles
- Processes – Clear governance and accountability

The Supply Chain Challenge
The most critical discussion centred on third-party risk. Every vendor, API, and service you integrate is a potential entry point. When your vendor gets compromised, you get compromised. This demands a Zero Trust approach extending beyond your walls. Scrutinise every partner’s security posture, because your security is only as strong as your weakest link. Pick your partners carefully and keep managing that risk over time, as things can change.

The Takeaway
In our interconnected world, security cannot be an afterthought. It must be foundational—embedded in every line of code, every partnership, every decision. With collective responsibility, proactive measures, and a holistic approach, we can build resilient organisations. The question isn’t whether you can afford to make security everyone’s responsibility—it’s whether you can afford not to.