What You Can (and Can’t) Automate in Physical Security Routine Maintenance

Physical security penetration testing (often known as red teaming) is a proven strategy of testing physical security controls with the goal of pushing them to failure. In the military, government and in cybersecurity firms, this is an accepted and embraced process. For some reason, in much of the private physical security sector, this is a taboo subject. This presentation will provide real life stories of past pen test engagements. This will provide insight into the techniques used, challenges faced, skills required and all that goes into a proper physical pen test. This presentation is not only about why a pen test is done but about how it is done.

Replace fear of failure and incorrect perception of penetration testing with an educated fail-fast mentality, allowing security managers to generate a successful business case (including funding) to improve their technological, operational and physical security controls. Are you wasting money on controls that aren't working? Are you about to invest in more controls? Are you sure they're the right ones? Please come join us for story time with your friendly neighborhood physical security hacker.

Learning Objectives:
1. Describe the skills needed to be successful during a physical penetration test.
2. Describe how to generate a business case for physical security penetration testing that is aligned with their client's or employer’s business model.
3. List numerous physical, mechanical, electronic, operational and human bypass techniques used by physical security penetration testers.