The hardest part of being the only Security person in my org is that it's really hard to document "this is common knowledge in my field, but arcane knowledge outside it", because everyone is really worried that they don't understand the context, but anyone in the intended audience would understand it without the documentation.