There's a lot of value in hearing other managers' stories about the problems they faced, and the (often innovative) solutions they used in solving them.

For example:

Many years ago, while supporting a security software product for Internet banking, our client started seeing what looked like a hacking attack on their servers running our product. After spending several days analyzing log files, we discovered that a new technology we hadn't counted on (called DHCP - used by Internet Service Providers) was changing their clients' computer addresses occasionally.

To our product, this intentional feature of the client's ISP made it look like an outsider was suddenly trying to hijack their banking sessions. In the end, it was our security product that wasn't expecting this type of event.

The bottom line here is that security products need to take the real world environment into account, and not just assume that "ultimate security" is the goal. The real goal should be to get business done without putting too many assets at risk.