Conventional wisdom says we need more staff training and technical security certifications. Others say higher salaries, a better understanding of the bad guys, more executive leadership training or more top-level executive buy-in are needed. While all of these help, I've seen security staffs with all of the above fail.
Also see
As I've traveled the world, I've identified some common traps that cause security pros to fail. What works and what doesn't in achieving the best security results? If you call yourself a security professional, here are seven lessons you need to learn. I originally examined these lessons in a series of posts on my CSOonline.com blog, where you can on each problem and solution.
Problem #1: Security Is Thought of as a Disabler
Security professionals are often viewed as the party poopers. This threatens the credibility of every security consultant. Are you bringing problems or offering solutions? Are you viewed negatively by the business?