The challenge with security, as you know, is it's only as strong as it's weakest link. It only takes one ignorant/incompetent person in an entire organization to jeopordize the org.

This statement could not be further from the truth. Your organization itself is completely incompetent if one ignorant employee can compromise it. The "swiss cheese" safety memetic is widely understood and basically common sense; in an actually competent organization, no single person has sole responsibility for success or failure of a process, and it takes individual failures at multiple levels to result in process failure.