I know, it blows (no pun intended) ones mind doesn't it? I've worked for some pretty bureaucratic companies in the past with some pretty poorly designed security processes--but the TSA is outer limits. Currently, I work in digital security for a financial institution, if I did my job with as little thought as TSA does their job in regards to security risk analysis, usability, and incident response; I'd have been FIRED a long time ago AND you could bet I'd never get another job in digital security engineering again if I did my job as poorly as the TSA does theirs.

And let me be clear, I'm not talking about TSO's here. I'm taking about the people that actually come up with the ill thought out processes the TSO's blindly follow. It's the policy and process designers that just aren't thinking it through or seemingly have NO background in anything that resembles REAL security.