> For Security Professionals (us): Stop being gatekeepers and start being enablers. Put down the "How do you not know this?" attitude and pick up the "Let me explain why this matters" approach.

Eeeehhhh… gatekeeping is, IMO, not quite the right term.

On the one hand, gatekeeping is restricting access until conditions are met, regardless of how spurious and irrational those conditions are. And usually, despite some pretty insane conditions. Questioning the fundamental competency of someone who ought to know even just a little better is challenging why they aren’t already possessing access, not preventing access in the first place.

On the other hand, most people in the IT industry love to talk about all the little shinies they are obsessed about. So while they may not be the best teachers in the first place, tickle their passionate shinies hard enough and they will talk your ear clean off, down the hallway, drop it through the lift and have it staggering bloody and beaten onto the sidewalk outside before you can get a word in edgewise. So getting people in IT to be advocates for the work subjects they are passionate about is not the problem - it’s training them how to deliver that information effectively to someone not in the know and not initially passionate about it.

On the gripping hand, there are plenty of people in almost every industry for whom ”How do you NOT know about this core component of your job??” is a very valid criticism to lob with great enthusiasm at them. A verbal shock like this can be very useful for disturbing a person out of their complacency, especially if they already see themselves as an SME. The real trick is following that statement up with something that can truly inspire and encourage them to willingly reach for competency in that component.