Where I think the security community could make great strides in an educational outreach is in the area of cloud security. There are a lot of gaps that need / should be addressed but have been largely left up to the cloud provider.
The cloud is a nightmare from a security perspective. Every VM requires the same scrutiny as a physical machine and has the added vulnerability of the VM host OS. Each VM vendor has its own peculiar security checklist. Interaction between VMs is an issue too. One VM soaking up too much CPU is like having a toilet flushed while you are in the shower. The VM industry is still having growing pains around applications being “good citizens” in the shared soup pot.
I didn’t mention the tyranny of the periodic IAVM letters. We have to snapshot every VM, apply the patches then perform a full system test to warn the customer of any negative impacts. We get one week to reply. Any problems detected must be resolved before the patches get applied. This is a whole new wrinkle in the art of proposals and contracting.