Security experts’ common sins

By fiLi • Jul 6th, 2006 • Category: Thoughts

In reference to Omer Taran’s 10 most common security experts’ sins, here’s my humble addition to that list. I’m making a very broad generalization about some of the security experts I’ve met throughout my IT years, and referring to security experts as "them"; I hope they’ll forgive me:

  1. No collaboration - Security experts seem to like working alone or at least thinking of their own opinions as god’s word. Security’s sense of community is still lacking and far behind most fields. Sharing knowledge, in my opinion, is power.
  2. No simple message - An "expert"’s value lies in taking a complex issue and explaining it with a clear and simple message, presenting the alternatives briefly and recommending a solution. Most times, listening to security experts, you just can’t understand a thing. Simplification as a rule of thumb.
  3. No organizational understanding - It sometimes amazes me listening to some of the solutions that security experts offer and discuss, showing little to no understanding of how the organization works and how people behave in it. Technology, as Omer stated, is a small part of what IT security is. An IT consultant shouldn’t be technology oriented, but rather - people oriented.
  4. No business logic - IT security is vital for business and has a presentable business model. It’s not a bizarre concept. If you can’t justify your suggestion in a "value" sense, then don’t suggest it at all. Car brakes aren’t meant to make the car slower, they’re made to allow the car to drive faster safely.
  5. Reinventing the wheel - Sometimes security experts have the information, and they know it’s been done before, yet they still feel as though they want to reinvent the wheel and do it their way. Endless statements like "our situation is unique" and "this has never been done before" serve as excuses to ignore what’s obvious. Ego problems.
  6. Fixation - If security experts used it once and it worked, then they will stick with that solution to the very (bad) end. This is part of what contributed to the "put a firewall and be done with it" IT syndrome.
  7. Using meaningless buzzwords - Using keywords like ISO 17799 and Common Criteria as security buzzwords, as if they were some magical solution. "Just configure some 17799 in the firewall and shove it up with some Common Criteria on the backbone, that should take care of the problem."
  8. No listening abilities - It’s much easier to just act rather than to actually listen. A security expert usually "just knows" - knows what the problem is, what the customer wants, what’s best for the organization. Think otherwise? Have a different opinion? Don’t bother saying anything, they’re not listening.
  9. Solving a problem that doesn’t exist - "This security solution also does coffee, cleans up your office and makes love to your wife", great, wonderful, that’s really nice to know, but it so happens that I don’t drink coffee, I like my office messy and I’m divorced. Oh, I forgot… you’re not listening.
  10. Getting lost - over here, pal. Starting out in one place and ending up somewhere completely different. It might be more interesting over there, but this is what I really needed.
