My goal in this organization is to create the first sort of culture - one where everyone has security in mind, is aware of the value of the information they handle every day, and want to protect that in all possible ways - without the need for fear to drive it. This is why I write our policies to be as gentle and aware of use cases as possible. I want us to be working together towards maintaining and understanding security, instead of everyone having to work around technical blocks I throw in your path to get your job done. Without the obvious risks, this is a more difficult task.