When you're frequently moving around between different environments, you want a security configuration that treats every one of them as an "untrusted" network - just like the internet itself. In fact, you'd want to secure your machine as if it was continuously "out in the open" on the internet without any external protective layers such as edge firewalls or proxy servers.
Some things are a must:
1) A very strong password. A "pass phrase" is even better. 30 to 40 characters is not a bad idea. Letters, punctuation, symbols... a phrase that's somehow meaningful to you without being a direct transcription of your favourite song lyrics, or anything like that.
2) A regularly updated machine. Windows update should be set to auto, or you should remember to (very) keenly check for new updates.
If the rest of the configuration is all default, even these two steps are theoretically sufficient to protect you. A few other points are obvious:
3) Reliable anti-virus.
4) Suitable firewall configuration that opens up just enough for you to be able to talk to their systems without completely dropping all defenses.
The real challenge is when they require you to join their domain in order to access resources. The mere act of joining a domain puts the domain admins group in full control of your machine, so that you're subsequently open to whatever security (mal)practices they've got going on their network.
In that case, I would personally consider running another OS installation in a virtual machine and using that to join the various domains as needed. No sense exposing the main OS install on the laptop to unknown risks.
