I spend too much time thinking about the roles and responsibilities in information security. Fortunately, I am not alone in this. Richard Bejtlich just posted an interesting article. I like the graphic he uses, and I support his analysis.

In Richard's vision, it seems that the role of the information security professional is much more that of a specialist than many practicing professionals believe. His article also clearly outlines that because of our specialism (in the sense of a focus on a narrow area), we are ideally suited to play an (in-house) consulting role.

Excellent post. Go read it.