Guess what? The single most important book for security pros to read is not written by Ross Anderson, Gary McGraw, or Bruce Schneier; in fact, it does not even mention security at all. No, this is not some paean to a goddess of risk either. In fact, it's a book on integration.
The best SSG members are software security people, but software security people are often impossible to find. If you must create software security types from scratch, start with developers and teach them about security. Do not attempt to start with network security people and teach them about software, compilers, SDLCs, bug tracking and everything else in the software universe. No amount of traditional security knowledge can overcome software cluelessness.