You could generalize the "protocols" requirement by adding familiarity with "formats". You don't have to know the ins-and-outs of every format out there (whether data, image, archive, or document), but you can go a long way by understanding the principles behind a format specification, and the standard ways to violate thos principles.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/infocus/1861/492#492