There are still areas that need improvement:

• Linux distributions (you know who you are) that under most deployments install as much software as possible and start up all sorts of services by default aren't helping the state of Linux security. Of course, there is a tradeoff between making a distribution functional vs. making it secure, but it seems as though more emphasis should be on the "secure" part.
• Educating users about security, especially network and host security monitoring principles, is important and good information is available. I highly recommend Richard Bejtlich's book "The Tao of Network Security Monitoring". Also, education is a primary goal of the Bastille Linux project.
• Fundamentally, achieving a high level of security requires that bugs be removed from software, and this means that strong source code review by knowledgeable developers is important. The best example I can think of for an operating system that builds this process into its core is OpenBSD.

You work on various security projects, which one is your favorite creation? Why?

My favorite project is "fwknop" (the FireWall KNock Operator) because I feel that it is hopefully the most innovative. So far, I don't think the security implications of Single Packet Authorization as implemented by fwknop (basically next generation port knocking on steroids) have been fully realized by the security community. An analogy can be drawn here between the evolution of email communications and the evolution of access control devices. Today, the effectiveness of email is being undermined by the pervasiveness of SPAM, and so mechanisms such as Bayesian filters and the Sender Policy Framework are commonly used to cut down the rate of unwanted email. The result is that email as a communications medium is becoming more restricted in order to minimize the effects of malicious traffic. In some cases, people even reject all email except for certain whitelisted addresses. This situation is similar to how network access control devices and firewalls became important to restrict access to services from an increasingly hostile and untrustworthy network. SPA does for network services what whitelists do for email. The difference is that SPAM can just be deleted, whereas a compromise of a system because a service was accessible from a malicious source is much more damaging.