Likewise, I've never found any correlation between those degrees and security improvements delivered by consultants. Honestly, the best security consultants I know of are essentially con men (and women!) who have devoted their amateur psychological instincts to good. You can apply all the best tech but without organizational change it won't last. On the flip side if you bring organizational change to adopt security in depth as a value then even substandard tech can serve the purpose. In that vain, the best security consultants (meaning someone hired temporarily for their expertise – not a long term employee hired by renewable contract) are those who can imbue leadership with the vision of their organization as one that benefits financially from security as a cultural value. I'm not sure who did this for Apple but they are a good example of a company that has benefited from a reputation earned by truly valuing security instead of trying to merely make sure everything is secure.