It's not like this is revolutionary or anything, but I have been thinking a lot about firewalls these days. The firewall as Swiss cheese is a common symptom, but it is worth really considering what happens to the firewall as it continues its move from being a separator (with legitimate users on the inside) to a filter (with most legitimate users on the outside).
Let's put it this way — the firewall as a deterministic filter is not particularly useful.
I know, I know, this is not a surprise… but it is really interesting using this as a starting point as network security product categories start to really collide.