Rich's "11 Truths We Hate to Admit" About Security is a must read (and think about!)!
2. The bad guys beat us because they're agnostic and we're religious.
4. Vendors are like politicians – they lie to us because we ask them to.
8. Network security is the result of a mistake, not an industry worth perpetuating.
9. Disclosure is dead.
etc. Read on!