Every now and then, something happens that disrupts the entire process. Usually this is when someone down the chain of command has fundamentally misunderstood the role we play in security with our assessments. Through either stupidity or arrogance, and generally a frightening combination of the two, they have no idea what they are doing and have somehow risen to a position of power that is frankly bewildering to me.

Occasionally these individuals ruin everything, and while that is a little annoying, what annoys me more is that they have singlehandedly wasted weeks of work and tens of thousands of pounds of our clients’ money.

As always, this situation starts with a client approaching us to test the security of a building, often a new building. Let's say it's not meant to be superbly secure, but some sensitive information is contained in some of the offices, so it needs to be security-checked.

With assessments like this, we spend several days performing recon. In this particular case, we unfortunately had to rely on a lot of internet sources due to the remote location. Visiting the site in person could alert security. It was decided that we would do the final recon work on the ground the night before.

During our recon phase, we were introduced to an individual we shall call Bob. Bob was the manager of the building and was reticent about the whole process: my client, the one commissioning the work, worked at a higher level than Bob, so Bob ...