If you haven't already, head over to the Daily Dave archives and read through the thread, Hacking: As American as Apple Cider. This is Dave's response to the recent Marcus Ranum editorial, The Six Dumbest Ideas in Computer Security.
Marcus' thesis seems to be that we can prove that many of the bedrock foundations of a modern infosec program are ineffective, so we should instead be focused on other, more productive avenues to defense. I find myself sympathetic to this position, though I do not agree with it. His argument that user-level security awareness training doesn't work is obviously false, for example. Although the typical computer user will never know as much as we do about security issues, I've personally observed my own users contacting me with security concerns that were brought to their attention because of our annual awareness training. Can we approach the security of our systems in some better way? Yes, we can and must. Do we know of a workable better way? Well, I don't, so I'm going to keep my eyes and ears open while I continue to implement what I know works.
I also have some problems with Dave's line of reasoning. In his essay "Why hacking is cool, so that Marcus changes his website," Dave tries to go for the high ground, equating hacking with fighting back against repressive regimes. There are some cases for that, I suppose, but that really doesn't seem to apply to any of the cases I deal with, nor to the vast majority of cases handled in this country.
I find hacking cool, of course, if done by authorized personnel. If you're a would-be Chinese dissident, then you've probably got a case there, too. But otherwise, it's not cool at all.