I found a marvelous four-part series that examines what's wrong with enterprise security and what needs to change.
Fair warning, though. The installments are 'glass-half-empty' in tone and substance. Security wonks tend to take a suspicious and negative view of the world. After all, they're dealing with creeps and a wide range of misdeeds and criminal behaviors. No one would listen to a polyanna-ish security expert, anyway.