Problem is, some feces-for-brains boss is always going to come along and tell you to do what you know is not in the best interest of security. And when the problem rears its ugly head, YOU take the heat, not the idiot who insisted you go against proper procedure.
All I can advise is document, document, document; then when it does come down, and they point the fickle finger of fate at you, you can always produce the documentation that 'da bozz' made ya do it...
Hmm. Incredibly biased opinion follows...
A basic security mindset is a combination of paranoia, a talent for contingency planning, and an understanding of business need.
However, the paranoia must not be so extensive as to be crippling, the contingency planning must not be so obsessive as to be paralysing, and the understanding of business need should not interfere with the periodic difficult and unpopular decisions that must be made to protect the greater good.