In my current professional position, I am concerned with I.T. security, including auditing (PCI-DSS). PCI-DSS requires the audit to be performed by a Qualified Security Assessor (QSA). This is to say I know a little about the topic.
Now I've just found out about the following story, titled "Our security auditor is an idiot, how do I give him the information he wants?", which was certainly a big source of headaches, anger and frustration for its writer.
I do not expect to run into the same kind of issues with our QSA, hopefully.