Security

Never taken data home
Have requirements/policies for opening ports
Never hacked a PW without permission, although their immediate manager has given the authorization first.
There have been too many 'other' shortcuts that have been made, some would violate the company policy at various places that I have worked. But, these have been with consent from the user or manager of the user in question. In my opinion, these are the only people that should give permission to make certain requests. If both are unavailable, the item can wait, or if needed, a higher up manager, or my manager or that persons departmental manager can give permission as well. But, except for my manager, the management chain must go up in a direct line from the persons system/account that is in question.

Ok, not that bad

- Hacked a password without permission
We had a problem where we had a tech leave a site. All the local admin passwords were set to something other than our current rotation. He has also set the domain admin (for the site)password to be something different. Rather than get permission, I needed to get the job done. Nobody knew (until now) that I ever did this.

- Opened a port
We had some serious bandwidth issues at one place. I didn't directly get permission (eg I was told to just make it work). I split our incoming web traffic across two ports so I could track usage very CLEARLY for my PHB.

- Other
I clustered a couple of old servers together because our poor web server just wasn't cutting it. Nobody ever knew that is what happened (save for the incoming IT guy). They wouldn't buy the equipment, so I made due.

Mostly what I've done is due to lack of proper management and lack of oversite (or really caring) about the IT deparment.

But never for a client, I have only done it internally.

If the environment isn't receptive to the fix, it doesn't get done.

Bit of a jobs-worth approach but it's the best way of doing things.

I have broken password protection, but I had written permission before doing so.

Opening of a port for remote access, only with knowledge and approval of the client. since that remote access could have their system running again faster. and was limited to a specific user id and encryption key.

sensitive data is always secured, so I never do this one.

it is done properly all the time - a breach of security is NOT 'get the job done' it is being lazy.

Security is like being pregnant - either you are or you aren't

Anything done is with permission, written permission at that. Do we need to get around certain policies sometimes? Probably but only when the planning was not done correctly. However, that workaround needs to be clearly documented, signed off on, and agreed to.

I have to keep my clients secure. So I don't deviate from standards to get the job done. However some of my clients "don't care about security" and so I have different standards for different clients.

Well, depends on what you define as "other".