Network security and website security need technical IT to get us more secure.
Security specialists should better protect against a full range of security breaches (vulnerabilities, exploits, bugs); common attackers just need one workable tiny hole to worm through to be able to compromise a full network/website and do their evil deeds. Just had a discussion today with some technical IT people and they confirmed what I post here.
As I experience from my daily cold reconnaissance scanning, the situation is that critical that something needs to be done (education, secure coding, secure configuration, etc.). Protocols and platforms are introduced before they have been properly secured and are invariably rather insecure (virtually insecure code, features over security, user-friendliness that creates security issues).
For instance, we make the transition to https-only while the configuration and settings are basically insecure - loads of websites still with a log-in where the log-in data go over the wire in plain text, with no security headers implemented.
polonus (volunteer website security analyst and website error-hunter)
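Added example (not part of polonus's post): a small Python check, from the website auditor's side, that takes a page URL, its response headers and its HTML and reports login forms whose action would send the password over plain HTTP, plus expected security headers that are absent. The sample page, sample headers and the list of expected headers are constructed assumptions, not values from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Response headers a defender expects on an HTTPS site (compared case-insensitively); assumed list.
EXPECTED_HEADERS = ("strict-transport-security", "content-security-policy",
                    "x-content-type-options", "x-frame-options")

class _FormCollector(HTMLParser):
    """Record [action, has_password_field] for every <form> in the page."""
    def __init__(self):
        super().__init__()
        self.forms = []       # each entry: [action, has_password]
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = [a.get("action") or "", False]
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_page(page_url, headers, html):
    """Return findings: login forms that would send credentials over plain
    HTTP, and expected security headers missing from the response."""
    findings = []
    present = {k.lower() for k in headers}
    for name in EXPECTED_HEADERS:
        if name not in present:
            findings.append(f"missing header: {name}")
    parser = _FormCollector()
    parser.feed(html)
    for action, has_password in parser.forms:
        if not has_password:
            continue
        target = urljoin(page_url, action)   # a relative action inherits the page's scheme
        if urlparse(target).scheme != "https":
            findings.append(f"login form posts credentials in plain text to {target}")
    return findings

# Constructed sample: an HTTPS page whose login form still posts to an http:// URL,
# with a response that carries only one of the expected headers.
SAMPLE_URL = "https://example.test/login"
SAMPLE_HEADERS = {"Content-Type": "text/html", "X-Content-Type-Options": "nosniff"}
SAMPLE_HTML = ('<form action="http://example.test/auth" method="post">'
               '<input name="user"><input type="password" name="pw"></form>'
               '<form action="/search"><input name="q"></form>')
```

Running `audit_page(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_HTML)` lists the three absent headers and the login form that posts to `http://example.test/auth`; the search form without a password field is ignored.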