Folx frequently ask me about security culture, both technical and social, so here's a reading list (in maybe the order you should read them). There's some overlap and contradictions between the zines, but that's not a bad thing. No one is completely right (not even me), and with something as likely to have serious consequences as security errors, always get at least 2 opinions.
First up is "Confidence, Connection, Courage, Trust." It's the best zine out there for finding a starting point for developing a security culture. It discusses how to create security culture without becoming paralyzed by paranoid.