I disagree with the walking a thin bar analogy.
The problem with security is that if it's open it's really open. I think it's better to compare the security with the skin. The more skin you hide the less easily it'll get poked through, but if you miss some spots you can still get all the blood unless you have something to keep it in.
I suppose an analogy to the human body is the server is more explanatory.
So I tend to want to ask "are there any holes anywhere" or "where is my armor the thinnest?". And I've found that "other person software" is the mayor hole in everything. Honestly, it's hardly ever the code you write yourself that's the problem. Also because hard lifting is done for you, but the point remains that there's something about big-kernels and systems packed with bulging software packages are just.. It's hell. So much skin. So hard to check.