Security is a process not a product.  That process needs to be created, reviewed and refined.  That's were I come in.