Recently I switched jobs and one of the interesting parts of changing jobs is everything is new and you have the 'fresh pair of eyes'.
The new environment has everything, a big network, mobile, malware and other attacks and a bunch of people.
It is this people factor that is actually the most challenging. Right now besides the technical aspects of the job, I am trying to convince a lot of people that the techie side of security is only a small fraction of the job.
Technically it has been the basics:
* user accounts and privileges
* network segregation
* vulnerability management
* incident response
Although it isn't possible for every organization to hire new infosec people all the time, it remains in my opinion a good exercise: Ask yourself why the things are as they are and evaluate the needs of the organization, they might have changed.