Now if only this didn't clash with corporate cost cutting...
What the article says is reasonable - if IT worked with their clients to actually solve problems, then we'd have both satisfied AND secure customers in our corporate divisions.
The problem is that this is entirely the opposite of what those same companies do when they outsource or otherwise budget for their IT (support) services. The typical outsource support contract is pared down and minimised so much the support people are specifically paid to NOT engage their brains, because that requires a longer support callout (and is thus more expensive).
The outsourcing firms don't like that either, because if a customer's problem is actually solved, they don't need to call support again (i.e., fewer callout charges). Instead they focus their team on solving *symptoms* only - and *never* looking into the actual problem - thus keeping the support calls (and charges) coming as long as possible...
(oh, and the above business model, on both sides, is from personal experience. At least one person was sacked for providing *too much support* because that gave the wrong picture to the firm who was about to buy the helpdesk operation)
Security/support personnel and customers working together also assumes that security knows a LOT about your business, so they can recommend something that's to the point. But of course for that to happen - these same staff need to be long term employees of YOUR company, so they have all that essential in-house knowledge. Kinda hard for an outsourced person at a call centre in another city/state/country to have that knowledge, or the handful of service people who make the in-person appearances (who, as I said earlier, aren't allowed to spend actual time with you because they aren't paid for it).
Wouldn't it be interesting if companies who fall victim to the large-scale hacks could sue the executives who (10-20+ years earlier) had begun the cycle of outsourcing and removed any hope of the company withstanding the attack - and as such are directly responsible for the company and its staff being so vulnerable!! Gee, executives making a decision that was focused on something other than the next quarterly return, and taking responsibility for it...?