File this under "Posts I Wish I'd Written". Amrit Williams' "
The 7 Greatest Ideas in Security," really highlights a lot of my basic thoughts on how security should work. His conclusion sums things up cogently, but go read the entire post:

Some may argue that something has been forgotten or that the order is wrong, but I would argue that we must learn to develop securely, implement the proper security controls, verify the functioning of these controls, leverage the research of the greater community, ensure that what cannot be protected is hidden, and from the beginning to the end properly plan, prepare, and set the right expectation - these are the greatest ideas in security and if we learn to embody these principles, we would be moving the industry forward as opposed to constantly feeling like we can only clean up the incompetence that surrounds us.

Also, extra points for the great turn of phrase "Inspect What You Expect".