With the current security climate it is important to start each project either a newly build application mobile, web or otherwise, with security in mind. This means personnel with security training should be involved on all levels from the get go. Even people on sales team , project management and of course architects and developers should have security in mind.
On a lot of occasion security is still an afterthought that needs to be arranged a few weeks for the intended go live of the environment and any security findings in that environment need to be fixed during those last few days when there is hardly time and/or funding left. I have seen application releases getting delayed and worse applications being deployed with security issues that need to be fixed with the first hotfix.
So it is pivotal that on all level of the organisation the need an urgency of cyber security policies and procedures are implemented before the next project starts.
- posted as "Peer Review: Discussion -- Role of Cyber Security" at Coursera