Organisational resilience depends on knowledge-driven standards and practices that enable risk owners to identify, evaluate, manage and react to complex, dynamic and interconnected threats. It is knowledge that determines the level of sophistication and effectiveness of an organisation's resilience strategy. This knowledge rests with those whose role is focused on security, who support security as an ancillary function, or who lead in specific technical risk areas. The establishment of consistent, credible, accredited and recognised knowledge production allows individuals and their employers to establish a competency framework that shapes the development and exercising of focused and relevant knowledge, and that critically allows the effectiveness of knowledge application to be measured. The process of knowledge production can be opportunistic or structured, enabling either transformative or incremental change. Learning can bring together professionals from markedly different career start-points to enable the process of career convergence where strengths, weaknesses and gaps in capacity are identified and addressed to create an effective and rounded security professional. This paper explores the concept of the security professional, how knowledge is created, the value of training, the importance of credible knowledge resources, how change can be affected, and the need for a formally recognised competency framework to shape professional development pathways within the security community.