The basic skill in securing your environment is to understand the big picture.  In other words, not only how to secure your computers and networks, but also what your limitations might be.  We've all heard of the principle of least privilege.  If an application or user has privileges beyond what they really require to perform their tasks, then the potential exists for an attacker to take advantage of that fact to compromise your environment.  In the past, many domain administrators only had one account that they used for everything - reading email, administering the domain, writing documentation etc.  So if that administrator's account was somehow used to launch an attack, the attack was carried out with all of the domain administrator's privileges - often to devastating effect.  Many environments now separate the accounts based on the work being done.  For reading email etc, a domain administrator would have a normal user account.  However they would have a second account that they would use for administrative tasks.  By separating the roles, the you reduce the risks of widespread compromise.