Have you implemented a firewall? An IPS? An AV? An IAM solution? A DLP? A DRM? An APT solution? A gateway proxy? An MDM solution? An SIEM? Chances are that you have answered “Yes” to at least two questions. (If not, please leave the information security industry right away and do something else. Really. Anything else will do!)
All these are very good technologies. They solve an information security problem, and they solve it well. What worries me, is that many (if not most) implementations of these technologies are not as effective as they can me. The problem? - Lack of well defined processes.