Keynote: Applying psychological theories to improve software vulnerability management
The cyber security community has put great effort into emphasising the importance of security by design. Unfortunately, industries’ push to market too soon often hampers those efforts. Although there has been some improvement in this space, including tools to support software developers, much work is needed to motivate and improve software engineers’ practices in preventing, detecting, and responding to security flaws by design. This paper highlights psychological theories, such as attribution theories and heuristics, that might inform software engineers about potential cognitive biases that may lead to insecure design. Moreover, it draws on social psychological theories often applied to management (e.g., social identity theory, adaptive leadership) that may help software engineers better organise their teams to work collectively to improve the development of secure software.
Sat 20 May (displayed time zone: Hobart)
09:00 - 10:30 | Opening and Keynote | SVM at Meeting Room 104 | Chair(s): Muhammad Ali Babar (University of Adelaide), Triet Le (The University of Adelaide)
09:00 | 15m | Day opening | Opening | SVM
09:15 | 60m | Keynote | Keynote: Applying psychological theories to improve software vulnerability management | SVM | Monica Whitty (Monash University)
10:15 | 15m | Full-paper | VrT: Vulnerabilities Reports Tagger Machine Learning Driven Cybersecurity Tool for Vulnerability Classification | SVM
10:30 | 30m | Coffee break | Morning tea | SVM