probably code order, the insert code is probably before the validation code on your page.
"should the validation behavior Key column be UserID and the Key value be SecurityAssist_UserID session variable?"
Yes, the key column should be the User ID column, the key value should use the session created by the login page. This may or may not be named SecurityAssist_UserID, take a look at the login page, go to the server behaviors panel, double click the Authenticate user behavior, and go to thew sessions tab to see the name of the User ID session that is created.