The proliferation of smart spaces, such as smart buildings, is increasing security vulnerabilities arising from the interplay between cyber and physical entities. We proposed that a representation of the topology of cyber and physical spaces may provide security-relevant contextual characteristics and support the verification of security requirements. We also developed a tool that enables editing and visualising of security-relevant topological characteristics of a building, and verifying that access control policies satisfy security requirements. In this article we report on our experience of applying our approach and the tool to solve practical physical access control problems, and provide some lessons learned for researchers and practitioners.