I have worked with this for the past two years - expanding the testing mindset into the security realm. There are many reasons for the current buzz around security issues: geopolitics, consultancies buzzing, EU regulations and a general increase in buggy solutions rushed to prod.
My advice, I have already written about So sorry for self-promotion
One thing we can do is to have an outreach mindset, as discussed here:
As Richard mentions above, this is as much about the internal tooling and procedures. There is a whole security field just around regulations and following up on those. I have previously made a guide for testers to the CIS18 guidelines. Let me share that again
Another avenue for us to explore, and one that I have had success working in, is to have restore/failure exercises. Be a disaster party planner!