While brute force hackers are a dime a dozen, the best ones do threat footprint analysis. To counter this, answer the following questions
1) analyze what the computer artitecture looks like by drawing it out on a whiteboard. If someone disagrees with what you are drawing as far as what the assets are, do not be quick to argue with them. This can be a great learning process.

2) By identifying the needs and business requirements of the network, it can be easy to simplify it and make assessments about what the Crown Jewels are and motivation to hack the network.

3) utalize tools such as Microsoft Threat Analyzer. I would include the URL but there are constantly new versions. By using a service analysis of what is running, it can pull i commonly known exploits for each service and how best to integrate them.

There is a trade off between policy and usability. By knowing the business requirements of the network, creactivity can be given as to how to mitegate these threats.