This dissertation research explores the multifaceted experiences of cybersecurity professionals in the United States regarding the establishment and long-term sustainability of successful cybersecurity programs and the development of deeply ingrained security-conscious cultures within their respective organizations, addressing a notable gap in the practical understanding of effective implementation strategies. The central research question guiding this inquiry is: What are the experiences of information security professionals in creating a supportive information security culture and successful cybersecurity program?

The research methodology employed was a generic qualitative inquiry, utilizing semi-structured interviews to gather rich, descriptive data regarding the lived experiences and expert opinions of participants. The study population comprised cybersecurity professionals working within organizations in the United States, and a sample of twelve individuals with relevant experience in building and managing security programs and cultures was recruited through purposive sampling techniques.

The collected interview data were analyzed using inductive thematic analysis, facilitated by NVivo software, to identify recurring patterns, key themes, and shared experiences related to the research question.

The findings revealed five interconnected themes crucial for cybersecurity success: the foundational pillars of robust programs and cultures; the critical role of human factors and continuous employee engagement; the indispensable influence of committed leadership and integrated governance; the strategic implementation of layered technical and procedural defenses; and the necessity of ongoing measurement and adaptive improvement. This study concludes that a holistic approach, synergistically integrating technology, human behavior, leadership commitment, and a dynamic learning mindset, is essential for achieving and maintaining a resilient cybersecurity posture. It suggests that future research could explore the longitudinal impact of specific cultural interventions and the development of quantitative metrics for cultural effectiveness.