Off-topic: Have you been hanging around tptacek a lot lately? You have suddenly started giving out security advice. A good thing, but quite noticeably different. ;-)
I've worked with Thomas (not primarily on the security side of his house), consider him a friend, and go out to dinner with him every time we're in the same time zone. That has probably increased my interest in web application security, since I nurse secret dreams of being a web pentester. (He would probably say much the same about running a primarily product business, depending on the level of seriousness we had in the conversation.)
That said, every professional engineer should understand enough about security to carry out their duties to their customers. Accordingly, I've been peripherally interested in it for years. See, among many others: