Secure by Design, Secure by Default, Secure by Demand: The Signs of a Secure Software Supply Chain
November 4, 2025
Welcome to Data Security Decoded. Join host Caleb Tolin in conversation with Lauren Zabierek, Senior Vice President for the Future of Digital Security at the Institute for Security and Technology. A former CISA leader and long-time national security professional, Lauren unpacks the principles of Secure by Design, Secure by Default, and Secure by Demand and how these frameworks are reshaping the software supply chain.
From her work leading CISA’s Secure by Design initiative to her advocacy through #ShareTheMicInCyber at New America, Lauren explains why security must be a business decision, how market incentives drive insecure systems, and what customers can do to demand safer software. This episode offers concrete lessons for leaders, CISOs, and practitioners looking to build resilience from the codebase up.
What You'll Learn:
- Why security must be a business decision led by executives rather than a technical afterthought
- How Secure by Design principles inspired more than 300 companies to eliminate entire classes of vulnerabilities
- The economic incentives that drive insecure software and what must change to realign the market
- How customers can evaluate vendors and ask the right questions to ensure secure authentication and transparent practices
- The role of Secure by Demand in helping buyers assess software safety before and after adoption
- Why initiatives like #ShareTheMicInCyber are essential for expanding diversity and innovation across cybersecurity policy
The conversation offers a practical roadmap for executives, CISOs, and technology leaders to integrate secure development practices into business strategy, turning software security from a compliance checkbox into a competitive advantage.
Episode Highlights:
[08:46] Inside CISA’s Secure by Design Pledge
[09:41] The Three Pillars: Secure by Design, Default, and Demand
[11:59] Why Security Is an Economic Issue, Not Just Technical
[15:41] How Customers Can Drive Change Through Secure by Demand
[18:23] The Story and Impact of #ShareTheMicInCyber
Data Security Decoded is handcrafted by our friends over at:
fame.so