That has been the opposite of my experience. To a large extent, the government can't take IT security seriously, because they've outsourced it. There are smart people in and around the government but no coherent strategy. I don't want to get too specific but no DoD network I've seen or talked to people who ran ranks with the least of my financial services clients.
