Lock picking has long been a method of access to information. Professionals engaged in physical security reviews or social engineering assessments currently are the main security professionals using these methods. We’ve all picked the weak file cabinet lock at work or maybe even jiggled a key of a similar type to get access through a door, but how important is it really for security professionals to know this skill.
Recently having purchased a lock pick set and several training locks I found it was extremely easy to pick the locks. I went through a 6 set training lock package in just a few minutes and then an advanced 4 set in even less time. I’ve read a lot prior to the purchase and even have made picks out of street cleaner bristles, but very little practical knowledge. After moving on to master locks, etc. I found it was a little more difficult initially, but if you just sit down watching TV and practice picking the lock it becomes easy after a while. Now there are some very complex locks and I continue to learn and understand more about these locks. In any event, unless the lock implements very strong controls, picking the lock is done easily.
It is important that security professionals understand lock picking to grasp the risk. Many professionals really only talk security and don’t really practice it. The auditor comes in and says you need to put in badge readers because there is no accountability, etc. These people really don’t understand the simplicity of lock picking or the real weakness. Not that I’m anywhere near a professional at it.
- How many locks at your work environment are key locks?
- Is there sensitive information in these areas?
As professionals we should not underestimate the simplicity of lock picking. If you are serious about security you really need to get some lock picking practice and understand the risks associated with standard locks.
If you are interested in learning more you can learn lock picking at Defcon and ShmooCon
In addition, if you continue as a hobby I would recommend becoming a member of the following site.
InfoSecAlways.com 
obviously like your web-site but you need to test the spelling on quite a few of your posts. Many of them are rife with spelling problems and I find it very bothersome to tell the reality then again I’ll definitely come back again.
First off I appreciate you reading the blog and being so honest with your post.
It was very concerning when I read this comment because every blog is done offline in a word processing program with spell check auto enabled prior to posting. It appears however that with many of my earlier posts did not use the same process resulting in a few spelling errors.
With that said I performed a review of every post and found there to be a good deal of grammar problems using the wrong spelling of a word. I also noticed there are inconsistencies in font across some of the pages. I spent a good deal of time today fixing all of the spelling and grammar issues and hope to get some time to update the site so the font is consistent across all pages.
In any case, I appreciate you candid feedback and again thanks for reading.