As physical penetration testers, it's important to have that discussion with clients to help them understand what makes the most sense to include in physical security and social engineering assessments. Just like any other assessment type, there is often confusion with what's needed, verses what is realistic for their budget, deadlines, etc. This talk helps clients to understand the different physical assessment types, what's involved, what to ask for, as well as what things may or may not be necessary for your environment. Through this, we're hoping to take some of the guesswork out of your planning and budget requests to help you get the most out of your next physical and social engineering assessment.

Tim and Brent are Senior Security Consultants within NTT Security?s Threat Services group with focus on physical intrusion, social engineering, and covert entry. Their experiences with traditional/non-traditional penetration testing techniques include network, wireless, social engineering, application and physical testing. These techniques have led to highly successful Red Team assessments against Corporate and Federal environments. By sharing their experiences, they hope to continue to contribute to the InfoSec community.

@brentwdesign, @zanshinh4x

Back to Derbycon 2019 video list