Physical Security Penetration Testing
If a real adversary walked up to your building today, how far would they actually get? Red Obsidian's physical penetration tests answer that question with evidence — not assumptions. We probe the layered controls protecting your facility the way an actual threat actor would, then deliver a written remediation report your team can act on within the week.
The Four Pillars of a Physical Assessment
Every Red Obsidian engagement covers these four control layers. Larger and more sensitive facilities can layer additional scopes (red-team exercises, multi-day operations, executive protection assessment) on top of this foundation.
Access Control
Door hardware, badge readers, key control, lock cylinders, and after-hours entry pathways. We document every weak point — including the doors that are technically secured but practically defeatable.
Alarm & Response Timing
Real-world measurement of detection-to-response intervals, including the full third-party monitoring chain. The number on your alarm contract and the number we measure on the ground are often very different.
Tailgating & Social Engineering
Controlled tests of employee policy compliance at lobbies, loading docks, secured zones, and after-hours entry points. We test what people actually do — not what the policy says they should do.
Written Remediation Report
Plain-English findings, ranked by severity, paired with concrete fixes. No 80-page audit document you will never read. The report you receive is the report you act on Monday morning.
A Typical Four-to-Six Week Engagement
Scoping & Rules of Engagement
We sit down with leadership to define what is in scope, what is off-limits, who is authorized to know about the test, and what success looks like. Every engagement starts with a written authorization document signed by both parties — no exceptions.
Reconnaissance
Open-source intelligence, exterior site survey, and shift-pattern observation. We learn the building the way an actual adversary would — from the outside, without tipping off the staff inside.
Active Testing Phase
Controlled entry attempts, alarm and response timing measurement, badge testing, tailgating exercises, and policy compliance probes. Every action is logged with timestamps. We never break, damage, or remove anything from the property.
Written Report
Findings ranked by severity, paired with photographs, timestamped log entries, and concrete remediation steps. The report is structured so leadership, facilities, IT, and compliance can each read just the section they need.
Debrief & Walkthrough
Optional but recommended. We sit down with your team to walk through every finding, answer questions, and prioritize fixes by cost and risk reduction. Many clients book a re-test six months later to verify remediation.
Who Should Schedule an Assessment
Any organization holding valuable physical assets, sensitive customer data, regulated information, or controlled inventory benefits from a physical assessment. The most common Red Obsidian clients include:
Frequently Asked Questions
What is physical security penetration testing?
Physical penetration testing is a real-world, controlled assessment of how well your facility resists unauthorized entry. Unlike cyber pen testing, which probes networks, physical pen testing probes doors, badges, alarms, employee response, and policy compliance. The goal is to surface exploitable gaps before a real adversary does.
Who needs a physical penetration test?
Any organization that holds valuable physical assets, sensitive customer data, regulated information, or controlled inventory benefits from a physical assessment. We most commonly test for healthcare offices, financial services, professional firms, manufacturing, warehouses, data centers, and any business preparing for compliance audits.
What does a typical engagement look like?
A typical engagement runs four to six weeks. Week one is scoping and rules of engagement. Weeks two through four are the active test phase covering reconnaissance, controlled entry attempts, alarm and response timing, and tailgating tests. Week five delivers the written report. Week six is an optional debrief and remediation walkthrough.
How much does a physical penetration test cost?
Engagements scale to the size and complexity of the facility. A focused single-site assessment for a small or mid-size business typically runs in the four-figure range. Multi-site, multi-week engagements scale from there. Every quote is fixed-fee, with no surprise add-ons.
Is physical penetration testing legal?
Yes — when conducted under a written authorization and rules-of-engagement document signed by an authorized representative of the target organization. Every Red Obsidian engagement begins with that authorization and a scoped boundary statement. We never operate without explicit written permission.
Will the test disrupt our operations?
No. Active testing is conducted with minimal footprint and no destructive techniques. Most clients report that staff was unaware testing was in progress until the debrief. The only operational requirement is that an authorized point-of-contact is reachable during the active phase.
Do you re-test after we fix the findings?
Yes. A focused re-test six months after remediation is the most common follow-up engagement. It validates that fixes actually closed the gaps and surfaces any new issues introduced by changes. Re-tests are quoted at a reduced rate from the original engagement.
Find Your Gaps Before Someone Else Does.
A scoping call is free and takes about twenty minutes. We will walk through your facility, your assets, your concerns, and what a realistic engagement would look like.