Tagged in: vulnerabilities, Security, Joomla | Jul 21, 2009
Posted by: JB Vanover in Technology
The way I really learned (and keep learning) about Joomla security was to start reading the security forum every morning:
http://forum.joomla.org/viewforum.php?f=432
If the tales of woe wept within do not spark your security urge, nothing will.
Action Item #1: A web guy from WV (Jeff Channell) frequently helps people out within the forum, and recently posted that he has found 9 Joomla extensions with XSS vulnerabilities. He was kind enough to answer some questions about this issue and what to do about it; I will post the Q&A separately. Here is the XSS vulnerability security forum post:
http://forum.joomla.org/viewtopic.php?f=432&t=420895
Action Item #2: Recently I received an email blast from Phil Taylor in my inbox, with the subject line: 'not up to date' Joomla sites are being hacked by automated hacking bots at an alarming rate. Conclusion: make sure to keep Joomla installations up to date, and, of course, only download Joomla from the official Joomla site:
http://www.joomla.org/announcements/release-news/5242-joomla-1512-released.html
Resources: For Joomla security beginners (aren't we all?), Joomla provides a solid, commonsense checklist:
http://docs.joomla.org/Category:Security_Checklist
For the advanced player, or if you just want to be scared, very scared, I like Tom Canavan's Joomla security book. Additionally, for those interested in network and computer security generally as a career, you will get a ton of great tools and tips from this book:
http://www.amazon.com/Joomla-Web-Security-Tom-Canavan/dp/1847194885