The language used to describe people as part of our information security systems is revealing. We talk about ‘patching the human’ and ‘building the human firewall’. We need to find our way to a more positive information security culture that places people at the centre of a system that is resilient, adaptive, and effective.