How 'Secure by Demand' Can Reset Cybersecurity

Application Security , Events , Next-Generation Technologies & Secure Development How 'Secure by Demand' Can Reset Cybersecurity Lauren Zabierek of CAS Strategies on Addressing Incentives, Risk Gaps Anna Delaney (annamadeline) • March 24, 2026     Share Post Share Credit Eligible Get Permission Video Player 00:00 00:00 Lauren Zabierek, senior advisor, CAS Strategies and senior adjunct advisor, Institute for Security and Technology Software risk outpaces public understanding, leaving critical systems exposed. That includes a widening gap between perceived and real risk as economies and infrastructure rely on software built with unsafe components, practices and defaults, said the Institute for Security and Technology's Lauren Zabierek. , Senior Advisor, CAS Strategies and Senior Adjunct Advisor, Institute for Security and Technology. See Also: How Technical Debt Puts Critical Infrastructure at Risk "So it really does create that that gap for in safety for the people who depend on our systems running and having them be so insecure," said Zabierek, senior advisor for CAS strategies and senior adjunct Aavisor at the Institute for Security and Technology. To address these issues, leaders need to expand national security beyond defense and intelligence, Zabierek said. Security is about protection of people, including economic stability and access to services, and there is a need for incentives to drive outcomes. But markets reward speed and features, not safety, she said. This dynamic keeps secure-by-design progress slow and shifts risk to less-resourced users instead of manufacturers who can address flaws at scale. "Ultimately, the system does not incentivize secure software," she said. "We haven't created a system where we are incentivizing safety or incentivizing security." In this video interview with Information Security Media Group at RSAC Conference 2026, Zabierek also discussed: The risk gap and the public perception that lags real exposure from insecure software defaults; Incentives to encourage secure-by-design adoption; Why buyers must signal a demand for clear security requirements to vendors. Zabierek is a security leader advancing secure by design, software safety and public interest technology through policy, research and institution building. She bridges cybersecurity, resilience and human impact across government, industries and the society. She was previously a senior advisor to CISA, where she co-led the national secure-by-design initiative.