Comment

Reuters: Snowden Tricked Co-Workers Into Giving Him Their Passwords

19
ericblair 11/08/2013 10:38:55 am PST

re: #9 Dark_Falcon

Quite Concur. I would, however, like to know how the little weasel was able to con that many people.

Because sitting in a briefing or in front of a computer screen and clicking the correct responses on a multiple choice quiz is different from having it happen to you in real life. Security needs to start doing white hat social engineering to actually train people what to expect: that is, random calls to people trying to get their passwords, phishing emails, and then MOAR TRAINING/possible knuckle-rapping to the suckers who take the bait.

By the way, contractors, military, and civilians get the same training and the same security clearance investigations. There are a bunch of problems with the over-reliance on contractors in the federal government, but clearances and violation rates are red herrings.