I saw a great post today over at the IT Toolbox site. It talks about stepping back and making sure you know the whole situation before you start acting. It's well written and accessible to anyone. If you don't understand the part about the proxy server and the help desk tickets, just skip it. I can't say what he does any better, so I'll just let Chief, the Security Monkey do my talking for me.
But since his last post was about blogs not adding content, merely linking to sites with content, I guess I'll have to do some real work here. The chief's blog is one of a handful which are informative, but not targeted at the latest research or trends. Instead, these blogs usually focus on techniques instead of results. I think everybody needs to have a few of these blogs in their regular reading list to make sure they remember the basics. But maybe I'm biased, since that is what kind of a blog I run here.
Knowing the processes that go into the results is the key to really understanding what the results say. It is fine to read the conclusions that story authors come to, but unless you understand how they came to those conclusions and can form your own, you might as well just use a Jump to Conclusions Mat. Understanding the basics and the underlying causes for things allows you to be skeptical and to see what people try to cover up, gloss over, or outright miss. As the chief's post makes clear, when you know how and why something does what it does, it is much easier to know how to change it. You can stop swatting at flies and get them out of your way for good.