Now, I was pining to hear something really cool and novel about security for some time (like, a week, maybe :-)) and - OMG!- this bit is it. It will totally blow the minds of people "doing security" and not thinking (not that much, anyway) about the big picture.
"Security folks need to begin by aligning their investments with the same priorities the business is investing in. What you'll see very often is businesses spend at least 10 times more on application development than networking investment. And you'll see that security is the reverse of that. They spend 10 times as much on network security than application security."