
Sicura defines SCM as a new market category to provide unified risk management, operationalizing CISA Secure by Design principles to harden critical IT infrastructure continuously.
BALTIMORE, Nov. 4, 2025 /PRNewswire/ -- Sicura unveiled Security Control Management (SCM) as a new market category at InfoSec World 2025, marking a pivotal change in the approach to cybersecurity for government agencies and enterprises. Designed to address the growing threat to IT infrastructure – an often-overlooked attack surface – SCM introduces a framework built on Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design principles to embed security and compliance into the development lifecycle.
During the October 27 InfoSec World session – Secure by Design, Not by Chance: The Rise of Security Control Management – an elite panel of cybersecurity experts signaled a pivotal shift in how organizations must build and maintain secure IT infrastructure. They also discussed the shortcomings that have led to the development of SCM, which provides the automation, flexibility and efficiency to integrate IT infrastructure security into the build process, rather than treating it as an afterthought.
SCM: A Holistic Approach to Cybersecurity
Security Control Management charts a new course for cybersecurity in dynamic threat environments. As organizations accelerate AI and cloud adoption, they often neglect cyber hygiene in complex on-premises and hybrid systems, leaving misconfigurations, missed patches and preventable errors that become gateways for breaches.
By operationalizing CISA Secure by Design principles into a continuous, automated cycle purpose-built for the most secure government environments and the largest enterprises, SCM addresses the urgent need to shift risk management from manual, point-in-time assessments to proactive, embedded defense.
SCM provides a practical solution that enables organizations to:
- Tailor security policies to specific standards and to the unique needs of an industry, organization, geography, deployment environment and other factors.
- Automate monitoring, remediation and validation.
- Integrate security with agile workflows, such as DevSecOps, Continuous Integration and Continuous Delivery/Deployment (CI/CD), Infrastructure as Code (IaC), and Governance, Risk and Compliance (GRC) tools, providing an end-to-end compliance solution built for agile workflows.
- Support flexible deployment across on-premises, hybrid and air-gapped systems, in both agent-based and agentless modes.
Why SCM Matters Now
High-profile breaches – such as those hitting the U.S. Office of Personnel Management, Capital One and, more recently, the compromise of an on-prem Microsoft SharePoint server that exposed the National Nuclear Security Administration and US Air Force – underscore the urgency for change in the way IT infrastructure is secured.
Traditional audits and federal authorization processes are static, manual, labor-intensive, costly and only address a single point in time. Complicating matters is the involvement of disparate teams – security, engineering, GRC, legal and operations – which have to address shortcomings through spreadsheets and siloed tools that are not built to keep pace with ever-evolving technologies, threats and standards.
At the same time, federal cybersecurity standards are being overhauled. Building on early adoption of Continuous Authorization to Operate (cATO) to accelerate authorization processes, the new Cyber Security Risk Management Construct (CSRMC) and CMMC 2.0 for defense contractors are reshaping compliance.
Sicura's SCM replaces outdated approaches and offers the flexibility to address changing compliance standards as agile development becomes the norm. SCM tools deliver engineering artifacts, automated build pipelines, reusable libraries and version control tools, enabling a continuous hardening cycle that builds security and compliance into every deployment.
Lisa Umberger, co-founder and CEO of Sicura, former NSA operator and pioneer of SCM
"From the National Security Agency to large enterprises, we've seen how manual compliance processes are consuming valuable resources, while leaving our most critical IT infrastructure vulnerable. Too often, security is an afterthought and teams fail at basic cyber hygiene," said Lisa Umberger, co-founder and CEO of Sicura. "It is beyond time for a seismic change. With Security Control Management, we are shifting from fragmented security and compliance to embedding security and compliance into the development lifecycle. At Sicura, we're proud to lead this push to ensure that security is more automated, integrated and flexible, while ensuring organizations are compliant and safe across every deployment."
Marene Allison, former CISO of Johnson & Johnson and Sicura advisor
"To protect our most critical data, we need to shift to a world where security is built-in, not bolted on. Security Control Management solutions provide the roadmap to make that world a reality, and the tools to transform how Fortune 500 companies operationalize continuous security and compliance," said Marene Allison, former CISO, Johnson & Johnson. "By reducing business risk, avoiding downtime, and preventing damaging attacks, SCM solutions will usher in a new era of resilience, while redirecting valuable IT resources toward innovation that transforms our world."
Major General Ryan Heritage (ret.), former director of operations at U.S. Cyber Command and Commander of Marine Corps Forces Cyberspace Command
"The threat landscape is changing daily. Security and compliance must not only keep pace, but stay ahead of adversaries," said Maj. Gen. Ryan Heritage (ret.), former Director of Operations, US Cyber Command. "We need capabilities that can adapt in real-time. Security Control Management responds to the need for an integrated framework that enables teams to build infrastructure that is secure from the moment of deployment, and deliver continuous assurance, at scale, in the toughest environments."
Customer Quotes
Mark Fitch, Army DEVCOM C5ISR
"Sicura's SCM solution gives us full visibility and control over our entire infrastructure. We can continuously monitor configurations, detect deviations in real time, and ensure that every system remains secure and compliant. It has become an essential part of our cybersecurity operations."
Nick Markowrski, DevOps Engineer, Onyx Point
"Sicura SCM has streamlined how we meet complex security and compliance requirements. We can track every configuration change, detect drift immediately, and maintain a secure, auditable baseline across all systems."
Watch the full session on Sicura's YouTube channel. To learn more, download the Security Control Management Guide at this link.
About Sicura
Sicura is a Security Control Management (SCM) leader, automating security control enforcement for government and commercial enterprises. Rooted in NSA-developed frameworks, Sicura enforces Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design principles, enabling continuous Authorization to Operate (cATO) and integration with DevSecOps workflows. Trusted by federal agencies like Army DEVCOM and the Department of State, Sicura reduces ATO timelines, ensures real-time compliance and automates security from policy creation to enforcement. Sicura is venture-backed by Squadra Ventures, Scout Ventures, BlueWing Ventures LLC, CoFactor Ventures and InnerLoop Capital. For more information, visit www.sicura.us or follow us on LinkedIn and X.
SOURCE Sicura