Imagine a SysAdmin or Network Analyst leaves an organization. Even if they leave on the best of terms, you have a responsibility to the organization to change passwords they knew, to remove account access to contracted support providers (e.g.: Cisco TAC, IBM Support, etc.)
Suppose they leave on bad terms--now you have an employee who may be willing to publish your credentials to the world.
What do YOU do to secure your network when an employee leaves?
How do you deal with WLAN PSK's that the employee knew? Build a new SSID with a different PSK, move all your PSK wireless devices to the new SSID, then delete the old one? Or change the PSK on the old SSID and then force every device to be touched manually to get the new PSK--and take the resulting outage?
I bet some companies have formal policies for securing their vulnerabilities more thoroughly than I've thought out.
I look forward to your ideas and Best Practice suggestions in the Comments.