Because "Security is man-vs-man and humans are intelligent." – more about this here: What is it that makes security hard?
I am strong believer of process integration when it comes to security – more about it here: http://msdn.com/securityengineering
And here are some tools to support the process:
Threat Analysis and Modeling – http://go.microsoft.com/fwlink?linkid=77002
Fiddler – http://www.fiddlertool.com/fiddler
NETMON III – http://blogs.technet.com/netmon/default.aspx