
A scorecard for cyber and risk culture
Have you ever watched a leadership team clap for their “security culture month” like they’d landed a rover? Posters everywhere. Quizzes. A prize draw. Someone baked cupcakes with padlocks iced on top. Cute. Two weeks later, a product manager asked an engineer to “just share the admin credentials for an hour” because the vendor demo was in thirty minutes and the CEO was joining. The engineer hesitated, then shrugged and sent them. Nobody wanted to be the person who ruined the moment. That is culture. People in action, not process — just people trying to help each other, with good intent and possibly very bad outcomes. Not just the cupcakes… Awareness is what people can repeat. Ownership is wh...