Actually his method is one password, after one password and then one password.
Pass#1: To open your TrueCrypt container
Pass#2: PK password.
Pass#3: Your remote login. (optional, as the key pair can perform auth on their own, but you might want to su to other account)
Because he is a "security guy", he is probably using one of those password managers/generators, which means that if you get his PC and manage to get and brute-force his "password manager" along with his PK, you get all in one place to enter every place he can. Surplus! Because there's no way he can remember (in the braincells) the user/pass combos he has in his password manager, you can just delete its database to lock the owner out of his own property.
(Isn't paranoia b-e-a-u-t-i-f-u-l or what?)