Incorporate security into the beginning of a project

A customer noted that often if security is not considered during requirements, and later it may be too late to tack-on security after requirements are complete.

It would be best to enable or encourage security as a consideration during requirements, to partner with education of all team members around secure coding, and enable proactive design.

How could we recommend, or encourage, important items like testing and security to be a part of project planning?