The SANS Internet Storm Center has a great handler post about working at the Abuse department for an ISP:
Securing a Network - Lessons Learned
The handler, Deborah Hale goes into detail about some of the issues faced. Things like end users not having up-to-date antivirus, mail servers getting blacklisted and then it be a tedious process to get them unblocked, to the insecurity of small business customers without full-time IT staff and the risks they pose. Loved the point about reviewing logs (point #1). Often in security your logs are your best friend.
