What key issues are preventing a global culture of security?

Because organizations are more focused on having the product on the market as soon as possible, adding more features and making more sales. Security is often seen as a spender where the business spends money but does not get any direct return. Why I don't agree with the notion that Security just spends money, many times that is how it's seen by the CFO/CEO.

There are lot of instances where organizations start investing in security after a breach

In the startup world, you prove your concept first, and how securely you can do it comes later. But that becomes a forever technical debt. That's the biggest problem that I see. It is absolutely required that you prove that you can execute your concept, but you should also make sure that you can do it securely before getting your first customer.

When we look at the formation of the Internet and DARPA, it was built from a place of trust. That trust equation was the primary focus of the technical professionals who formed the data-sharing platform that we now know as the Internet. And that was it, that was the purpose. There wasn't a conversation around, "Trust, but verify; share, but check."

Here we are, decades later, and user experience is now more important than security. We are more concerned with the functionality of the product. I don't even know what I just clicked on to update my iPhone, but there are all kinds of features in there that I know for sure I shouldn't have allowed, except for the privacy feature. There's all this digital sharing, etc., but it's efficient. And I don't have time to read 95 pages of legalese.