The people element of security has long sat on the back burner as security and risk (S&R) pros buy product after product without first solving fundamental problems. People and culture are central to a successful security program, but firms don't prioritize them or embed them into security strategy enough. This report is an overview of Forrester research that helps CISOs focus on the often neglected human side of security. It links to reports for CISOs on building security awareness, changing behavior, and leading cultural change within and outside of their organization.