The importance of a strong cybersecurity culture cannot be understated. It transcends technologies, processes, and even people. It is bigger than security awareness. Security culture becomes ingrained everywhere you look and touch. It is aligned with the objectives of the business. Everybody doesn't just practice security, they also own it.

Dan Kaplan, Trustwave¹

It's flashback time. Early in the previous chapter, I used a quote from BJ Fogg stating that, “Humans are lazy, social, and creatures of habit.” Throughout that chapter, and in previous chapters, I've referenced the social components of belief and behavior. Here is where the rubber really meets the road: culture. A positive security culture is a force multiplier for behaviors, beliefs, and messages; it represents a critical social component that will either work for you or work against you. And the ability to shape the security-related aspects of your organization's culture represents the pinnacle of our journey into transformational security awareness.