Around ten years ago, a new movement spread throughout computing: design thinking. It seems so obvious in hindsight, but the notion that the user experience presented by your product was something that had to be considered and prioritized at every step -- instead of layered on at the end -- was revolutionary at the time.
It's long past time for a similar type of movement: security thinking.
For far too long, security has been an afterthought in the product development process. Passwords are stored in plain text at companies with hundreds of millions of users; people have proven time and time again that they will click on a link that seems so obviously suspicious; the most common password is, well, "password"; and large companies with tons of internal and external applications focus on plugging holes in the walls while attackers parachute into their networks. These aren't technical challenges; they are cultural challenges born of the obsession to rush products to market in search of rapid growth, or to hire a passel of security consultants who recommend layers of security products that cost more every year.