Root Cause Analysis: Stop Playing Whack-a-Mole

My latest piece in SecurityWeek entitled "Root Cause Analysis: Stop Playing Whack-a-Mole" is out: http://www.securityweek.com/root-cause-analysis-stop-playing-whack-mole.  In this piece, I tried to bring attention to the often overlooked topic of root cause analysis.  Much of incident response involves continually treating symptoms, but how can we look at treating the cause of what ails us?  In my experience, it's a discussion worth having and something that many of us struggle with.  Have a look at the piece and let me know what you think.