Creating a Culture of Security

Discover how to implement a robust security culture that will help you maintain rugged resilience.

Security has become everyone’s job, and its management has become a strategic concern of the enterprise. The way forward is for enterprise leaders to invest in building a culture of security. But how exactly do you get started and how do you measure success?

In this ebook, AWS Enterprise Strategist Mark Schwartz shares his perspective on what makes a robust security culture. Learn what approaches he recommends to establish awareness of risks and controls along with a set of norms and practices that align with keeping the enterprise secure.

Explore the five factors that will help you establish and grow your culture of security:

  1. Connect security to mission objectives.
  2. Build security into everything.
  3. Establish high standards for security hygiene.
  4. Adopt a zero-defect approach.
  5. Continuously vet security in development and production.

Download the ebook to dive deeper on these topics.


An enterprise that treats security and resilience as a 'nice to have' quality—something that only its security specialists need to worry about—as an extra cost, as a burden, or that doesn’t think of it at all can never be rugged. Security and resilience should be—and are—concerns for all enterprise executives, managers, and employees.”

Mark Schwartz, AWS Enterprise Strategist

How to implement a “blameless” security culture

When you’re moving at the speed of innovation, mistakes are bound to happen. In this Security Leaders interview, Bill Shinn AWS Senior Principle in the Office of the CISO shares his perspective on how to address errors in a blameless way. When handled correctly, mistakes can become a growth opportunity, but only if security leaders are willing to put the right mechanisms in place to support a blameless security culture.

About the author

Mark Schwartz, Enterprise Strategist, AWS

Mark Schwartz is an Enterprise Strategist at Amazon Web Services and the author of The Art of Business Value and A Seat at the Table: IT Leadership in the Age of Agility. Before joining AWS he was the CIO of US Citizenship and Immigration Service (part of the Department of Homeland Security), CIO of Intrax, and CEO of Auctiva. He has an MBA from Wharton, a BS in Computer Science from Yale, and an MA in Philosophy from Yale.

Take the next step

Stay secure

Uncover new security insights when you browse our collection of security-themed thought leadership resources on Executive Insights.

Listen and learn

Listen to our Conversations With Security Leaders podcast series to get fresh perspective on trending topics from security leaders at AWS and beyond.


Get connected

Visit AWS Executive Connection for a digital destination where you’ll find information on our latest publications, events, trending tech news, and more.

Attend an executive event

Get insights from peers when you attend an event, join our executive community, or watch events on demand.