I agree that Security is a criticial sub-compotency. With identity theft, social engineering hacking and terrorist incidents, it isn't just the security director that ahs to be aware of threats and counter measures, it's everyone.

Documentation is another one.

I'm always shocked at the number of large clients which have little to no documentation of the architecture, processes and procedures.

It doesn't matter how well the infrastructure or application performs, if there is no documentation for it, it's a huge risk to the business.

Otherwise great article Jeff.