Masterclass Recap: A Session with CISO David Schwed on Enabling Better Business Outcomes with a Shift Left, Preemptive Cybersecurity Approach
In an insightful session hosted by Sivan Tehila, CEO and founder of Onyxia Cyber, David Schwed, CISO of Brokerage & Money at Robinhood, shared his perspectives on evolving cybersecurity strategies for modern businesses, focusing on shift-left and preemptive cyber defense approaches that enable business growth rather than gatekeeping.
Here are all the top takeaways from the conversation:
Understanding the Shift-Left Approach
David’s journey into cybersecurity is unconventional but illuminating. Drawing on early technology roles at Citicorp, co-founding a telecommunications company, obtaining a law degree, and working in crypto security, David emphasized the value of diverse experiences in shaping how a CISO thinks about security as risk management.
David also emphasized the importance of integrating security early in the development process, stating, “Shift left isn’t a tool; it’s a methodology, a paradigm shift in building your security program. It means getting involved as early as possible, even before engineers put their hands on the keyboard.”
Many breaches are not the result of sophisticated hacks but of human error or misconfiguration, such as publicly exposed S3 buckets. David noted, “We like to glorify attacks in the movies, but as the data shows, a lot of breaches come down to misconfigurations or human mistakes.”
By embedding security earlier in the SDLC, organizations can prevent such errors, enhance collaboration, and accelerate production timelines without compromising security.
The Rise of Preemptive Cybersecurity
Discussing the role of AI and machine learning in threat anticipation, Schwed noted, "Part of the CISO's job is understanding prioritization of threats; preemptive cybersecurity helps understand where I should be shifting resources to protect the organization six months or a year from now."
Preemptive security is not about implementing every tool available but strategically applying resources to maximize both security and business enablement.
Driving Business Outcomes through Security
A CISO’s role goes far beyond technical protection; it’s about enabling the business to operate safely and efficiently. “Security isn’t just standing off to the side shouting ‘this is bad.’ It’s about being a partner to help foster innovation, to help accelerate innovation safely, and maintain customer trust,” Schwed explained.
CISOs should engage development teams with quick secure coding refreshers that illustrate real-world exploits and vulnerabilities, helping teams understand the tangible impact of security. Reviewing the software development lifecycle for early security gaps and establishing iterative feedback loops ensure developers can address risks proactively. Communicating program effectiveness requires not just metrics but storytelling that resonates with senior management, demonstrating wins in a way that highlights security as a strategic enabler.
Aligning security with business objectives depends on early involvement, thoughtful prioritization, and a focus on risk management, creating a foundation where security drives innovation rather than impeding it.
Preparing for the Future
The regulatory landscape is evolving and now includes the SEC’s cybersecurity rule requiring disclosure of security programs. Schwed views compliance as a byproduct of a mature security program, one that helps organizations mature their approach and build defensibility into their practices.
Reflecting on future trends, Schwed emphasized that trust is the ultimate business advantage. Preemptive security, when applied thoughtfully, protects critical assets and strengthens confidence with customers, partners, and regulators alike.
Sustaining Strategic Influence in Cybersecurity
Long-term success as a security leader comes from demonstrating consistent value and sustaining influence across the organization. “Over time, we see that if we used to be the bad cop, the security leaders, now we’re really important for the business because many things can’t really happen without those practices,” David said.
Leaders must link key performance indicators to organizational outcomes, ensuring that security initiatives are clearly tied to measurable business impact. Negotiating the right scope and autonomy for security programs, maintaining visibility across the organization, and fostering a culture of trust and collaboration are critical to ensuring that security remains a strategic partner over time, rather than a reactive function.
Lasting influence in cybersecurity requires both foresight and the ability to connect technical decisions directly to business outcomes.
Want to learn more about driving better business outcomes with your cybersecurity strategy? Watch the full conversation with David Schwed on demand.