By the way, when I wrote that my $400 was like hiring all of their network engineers, I was not saying that that eliminated my responsibility to secure my own system regardless of what the firewall provides. I removed ftp, sendmail, and eliminated as much as I knew.
I completely agree with Jon when he writes,
If you run anyones stock distribution, you shouldn't call yourself a sysadmin and better hire someone who can compile a new one with whatever patches you need.
The bottom line is: Either learn security or hire someone who knows it no matter what OS you use.
So I don't call myself a sysadmin, and I hate wearing pagers and cellphones too.