There are some great security catch phrases, like "Trust but verify." I found my new favorite in Fresher Cookers, an Economist article about designing stoves for the developing world.
“You don’t get what you expect—you get what you inspect,” says Dr [Kirk] Smith, [an expert on the impact of stove air-pollution on health.]
I think that maxim holds very true for anyone who inspects their enterprise to see how it is really used and abused. That saying holds true at every level -- network, platform, operating system, or application. All of these components are so complicated and ever-changing that you are likely to be surprised every time you stop to look at what's happening.
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.