When we talk about security culture, we need that top-down engagement. Moderator Kevin Treanor allowed that we could do without top-down support, perhaps, but obtaining that top-down buy-in is so important because it makes the enactment and transition so much easier. Mature security programs will have proper security behaviors in place, but the key to success it to do them continuously and do them well. To ensure a company security culture, security executives must foster relationships with people within their business, and they must be security enablers, always helping the business to achieve its goals. They must also build credibility and connections between different business units. This connection extends outside the business. Security executives can build a security culture with their users, not just in terms of their work life but also their personal life. If we can make security relevant to users in their home life, then they will bring that into the office as well. It is also important to encourage a culture of continuous learning and user awareness training across the organization, tying these initiatives to rewards for employee objectives and bonuses, which will help obtain that security culture buy-in.