InfoSec Education Inquiry

I am interested in everyones thoughts on InfoSec Education.

What is the biggest problem within Information Security education?

What is your opinion on the best method to stay atop of this dynamic industry (e.g. formalized education within academia, certifications, training, etc)?

What skills are InfoSec professionals lacking and your thoughts on addressing this issue?

What are some of the strengths of your InfoSec professionals?

What other problems are you currently running into with InfoSec professionals (e.g. shortage of skilled individuals, scope of expertise, cost of skilled individuals, training, staying atop dynamic industry)?

What methods are you using to increase InfoSec awareness within your organization?

Thanks

 

Where to start... First try

It's not the fast changing technology that's the challenge, it coping with end users and management that's the biggest problem.
Most security professionals have an ict background. It would be great if they had a business background. Biggest problem is translating the business needs (laws, regulations, hipaa, basel II) to user awareness, information Systems, ict processes and instruments. Not many have this capability.
Awareness is more than just educating your users to know about security. It's also educating you security professionals to deal with users.

Infosec professionals, there are lots of different types...

Sec architects, managers, officers, see isc2.org
Auditors, isaca.org (netherlands: norea.nl)