Anil Bhasin, Area Vice President for India at Wiz, spoke with TechNadu about bridging gaps between dev and security teams and strengthening identity and access controls across modern cloud environments.
He brings a 30-year track record of driving growth and innovation across major technology firms, including Databricks, UiPath, Palo Alto Networks, and Cisco Systems.
With Cybersecurity Awareness Month in full swing, Bhasin reminds organizations that awareness should spark lasting collaboration, where developers and security teams work side by side to build smarter, faster, and more resilient systems.
When security adopts the language of business and development, tying risks to reliability, performance, and uptime, developers will feel supported, and security will turn into a force multiplier instead of a roadblock.
Read on to get a closer look at how Bhasin envisions developer-first security evolving through automation, collaboration, and shared ownership across modern cloud environments.
Vishwa: Many security tools were originally built for security teams, not developers. What does a true “developer-first” approach to security look like in practice?
Anil: A developer-first approach treats security as a usability challenge, not just a technical one. It starts with embedding security into the tools and workflows developers already use, such as CI/CD pipelines, pull requests, and infrastructure-as-code.
Rather than asking developers to navigate security dashboards or decode generic alerts, the focus should be on delivering clear, contextual findings that are tied directly to the code or service in question.
Developers should be empowered to take action quickly, with the autonomy to fix issues without waiting for security to triage or assign tickets. To make this work, security teams need to meet developers where they are and provide just enough guardrails to guide, not block.
Vishwa: Developers are often under pressure to move fast. How can security be built in without slowing down innovation?
Anil: Security can support speed by leaning into automation and alignment. That means automating routine security tasks like container scanning or policy checks, and integrating them early in the development process, before code hits production.
The goal isn’t to stop deployments; it’s to catch high-risk issues before they cause real harm. Security teams should focus on blocking only what’s critical, and surfacing everything else as actionable feedback.
This creates a fast feedback loop where developers can resolve risks in their flow without unnecessary delays. When security shows up as enablement rather than enforcement, it helps teams build faster with more confidence.
Vishwa: There’s a perception that security is a blocker. What needs to change so that developers see security as an enabler instead?
Anil: Changing this perception requires a shift in how security is delivered and measured. Instead of showing up only when something goes wrong, security teams should partner early and often, helping developers make secure choices from the start.
This might look like contributing to design reviews, sharing secure-by-default templates, or collaborating on threat models. Security needs to adopt the language of the business and development, tying risks to things developers already care about, like reliability, performance, or uptime.
When developers feel supported instead of judged, and when security outcomes are framed as quality wins, security becomes a force multiplier, not a roadblock.
Vishwa: Visibility is a recurring theme in cloud and software security. How important is it to give developers real-time context into risks, and what does that look like?
Anil: Visibility only becomes useful when it is contextual and actionable. Developers don’t just need to know that a vulnerability exists; they need to understand whether it is reachable, exploitable, and running in production.
Real-time context means knowing whether a workload is internet-facing, who owns it, and how an issue could impact the system. This level of insight helps developers prioritize what matters and take the right action without needing a security translator.
Instead of surfacing raw findings, modern security teams should focus on providing enriched, in-context visibility that maps directly to developer responsibilities and timelines.
Vishwa: What are the biggest gaps you see today between how security teams think about risk and how developers approach building software?
Anil: The gap often comes down to different priorities and language. Security teams are trained to look for worst-case scenarios and mitigate risk, while developers are incentivized to build quickly and ship features.
This disconnect can lead to tension, especially when security findings feel like arbitrary blockers.
To close the gap, organizations need shared definitions of risk and success. That might include aligning on business impact instead of just severity scores, and co-owning remediation criteria. When developers and security teams work from the same playbook, grounded in outcomes that matter to both sides, collaboration becomes much easier.
Vishwa: As cloud adoption and AI development accelerate, how is the relationship between security and development teams evolving, and what role do modern security tools play in bridging that gap?
Anil: The shift to cloud and AI has pushed more operational decisions into the hands of developers, blurring the lines between engineering and security. Developers are now responsible for managing infrastructure, deploying models, and scaling services, all of which carry security implications.
In response, modern security tools need to serve both audiences equally. That means providing a unified view of risk across the stack, with ownership and context baked in. Tools should be able to answer not just what the issue is, but who owns it, how it spreads, and what to fix first.
This kind of shared visibility helps developers and security teams collaborate without confusion or friction.
Vishwa: How can organizations use Cybersecurity Awareness Month as an opportunity to build lasting collaboration between developers and security teams rather than limiting it to a once-a-year campaign?
Anil: Rather than treating Cybersecurity Awareness Month as a one-off event, use it to spark ongoing conversations. Create hands-on activities, such as monthly capture-the-flag challenges or threat modeling workshops, where developers and security can work side by side.
Highlight real-world scenarios relevant to your org, and emphasize continuous learning. Culture shift happens when education is practical, inclusive, and ongoing.
Vishwa: As social engineering attacks grow more sophisticated, which security tools or tactics do you see as most effective for strengthening identity and access controls across cloud environments? And how should these tools integrate with broader enterprise security architectures?
Anil: Strong identity and access management (IAM) is foundational. Tactics like enforcing least privilege, continuous monitoring of access patterns, and using identity providers with MFA reduce risk.
Context-aware tooling can detect suspicious behavior early, for example, when credentials are reused across environments. Importantly, these tools must integrate with broader cloud architectures to surface identity risks in real time and in context.