Security people come from auditing and government backgrounds. They aren't about providing solutions or even keeping up with cracked algorithms, exploits, and hacking techniques.
They are almost solely about establishing a policy and enforcing it. In large IT organizations, security managers keep their jobs by doing things that upper management understands: policies and enforcement.
In reality what will help things are providing reference implementations of things like login flows, secured operating systems, secured web browsers, etc. In the age of AMI and docker images, providing key building blocks for secured systems would go a lot longer than a lot of the insanity I've seen over the years.
They are almost solely about establishing a policy and enforcing it. In large IT organizations, security managers keep their jobs by doing things that upper management understands: policies and enforcement.
In reality what will help things are providing reference implementations of things like login flows, secured operating systems, secured web browsers, etc. In the age of AMI and docker images, providing key building blocks for secured systems would go a lot longer than a lot of the insanity I've seen over the years.