Security budgets are always tight, and each year it seems harder to convince companies to spend money on something that does not bring in profit. It is difficult to measure the success of security because you do not see the attacks that don't or can't happen.

When it comes to governments, they have even tighter budgets. Because of this, some of their sites can—well, let me be kind here: they can be of poor quality when it comes to security.

I have been lucky enough to work with many government agencies as part of my career. So, I have seen and fought against the red tape that can keep even the simplest security issue from being fixed. Some of my findings when working with governments around the world can be rather shocking to members of the public, who only find out about them after they have been fixed.

A government department (I can't say which) once asked me to perform an assessment of a site. It was a small, squat building, only two stories, with a single-story flat-roofed extension to the side. The site was not particularly interesting. It did not have any perimeter protection, as it was in the middle of a city and surrounded by other dull buildings. It always looked to me like a downtrodden library on the brink of closure, but inside were some very interesting technologies that I am certainly not allowed to talk about.

Gaining access into the building for my assessment was very easy, not just because I am experienced at it, but because ...