There is a good reason security is invisible: it is Somebody Else’s Problem (SEP). In his geek classic “The Hitchhiker’s Guide to the Universe,” author Douglas Adams describes how the secret to making something invisible is to surround it with an SEP field.
Security is not actually invisible – I’m at an event in Copenhagen with 3000 security professionals this week. But it is still considered Somebody Else’s Problem by the rest of IT. Except for basic Authentication and Authorization, security is not on the minds of developers and system administrators.
We cannot magically make people care. We already know that to get good testing, we have to add professional testers to each team. To get a good User Experience, we need to add UX professionals to each team. We won’t get improved security until we also add security professionals to each team.