I've been on a kick lately about getting the fundamentals down pat before people should devote significant time to advanced thinking and processes. I admit that it is very tactical, which most people don't think is that sexy. The problem is that if we only focus on the sexy, new advanced things, we lose sight of getting the bread-n-butter security things done. The things that provide 80% of the value of the team to the organization. Things like effective security monitoring, application security risk assessments and compliance programs. These things need to be solid before we can get into things that may provide value, but they're incremental improvements, not wholesale capabilities.
LinkedIn: Thinking Long Term Can be Short Sighted
Image credit: msittig, http://www.flickr.com/photos/msittig/2513955691/, cc