{"id":9272,"date":"2015-11-04T18:09:02","date_gmt":"2015-11-05T00:09:02","guid":{"rendered":"http:\/\/hcstx.org\/?p=9272"},"modified":"2015-11-04T18:09:02","modified_gmt":"2015-11-05T00:09:02","slug":"why-your-secure-building-isnt","status":"publish","type":"post","link":"https:\/\/thetacticalhermit.com\/index.php\/2015\/11\/04\/why-your-secure-building-isnt\/","title":{"rendered":"Why Your Secure Building Isn&#8217;t"},"content":{"rendered":"<div class=\"text_layer\"><\/div>\n<div class=\"image_layer\">\n<p class=\"graf--p graf-after--h4\" style=\"text-align:center;\"><a href=\"https:\/\/hcsblogdotorg.files.wordpress.com\/2015\/11\/physical-security.png\"><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-9273\" src=\"https:\/\/hcsblogdotorg.files.wordpress.com\/2015\/11\/physical-security.png\" alt=\"Physical Security\" width=\"603\" height=\"230\" \/><\/a><\/p>\n<p class=\"graf--p graf-after--h4\" style=\"text-align:center;\"><em><strong>Better Security through Penetration Testing<\/strong><\/em><\/p>\n<p id=\"b924\" class=\"graf--p graf-after--h4\"><em class=\"markup--em markup--p-em\">My book, <\/em><a class=\"markup--anchor markup--p-anchor\" href=\"http:\/\/www.amazon.com\/Red-Team-Succeed-Thinking-Enemy\/dp\/0465048943\" rel=\"nofollow\">Red Team: How to Succeed by Thinking Like the Enemy<\/a>, <em class=\"markup--em markup--p-em\">provides the first in-depth investigation into the work of red teams in the military, intelligence, homeland security and private sectors, revealing the best practices, most common pitfalls, and most effective applications of their work. 
Below is an adaptation.<\/em><\/p>\n<p id=\"4a5e\" class=\"graf--p graf-after--p\">In the course of conducting interviews for my book, <a class=\"markup--anchor markup--p-anchor\" href=\"http:\/\/www.amazon.com\/Red-Team-Succeed-Thinking-Enemy\/dp\/0465048943\" rel=\"nofollow\"><em class=\"markup--em markup--p-em\">Red Team<\/em><\/a>, I unintentionally broke into an allegedly highly secure government building. After initially failing to obtain a meeting with a senior official in a government security position, I requested that a mutual acquaintance pass along a short e-mail, from a Gmail account, describing my research project and questions that I hoped to ask. Weeks later, an administrative assistant reached out to me and let me know that this senior official had agreed to meet me in person. The administrative assistant and I spoke over the phone to arrange a time the following week, mid-morning at the senior official\u2019s office. The assistant then sent me a confirmation e-mail with the location, different transportation options to get there, and a reminder to bring my government-issued ID.<\/p>\n<p id=\"f4ac\" class=\"graf--p graf-after--p\">The office building was a highly secure facility, set back more than a block from traffic, and ringed with blast walls, a series of controlled-access points, armed guards, surveillance cameras, and metal detectors. Once past the access points, visitors are required to show their IDs, have scheduled a meeting that appears in a shared internal database, get their photograph taken, receive a visitor\u2019s photo badge that is always supposed to be displayed, and, finally, have an employee escort them through the hallways.<\/p>\n<p class=\"graf--p graf-after--p\">After arriving five minutes late, I was waiting in a long line to pass through a metal detector when a security guard answered a phone call and then shouted a close approximation of my name. 
I stepped out of line to answer, and before I could say anything, she said, \u201cOh you can go ahead, they are waiting for you upstairs.\u201d I walked to the front of the line, thinking that I still needed to be screened, but she simply waved her arm and declared, \u201cNo, no, you can just go around and head on in.\u201d Next, I approached a front desk, which several armed guards stood behind, to show my passport, get my picture taken, and receive my badge. Before I got to the desk, a young man\u200a\u2014\u200alikely an intern\u200a\u2014\u200aasked, \u201cAre you Zenko?\u201d After I nodded affirmatively, he replied, \u201cOkay, let\u2019s go.\u201d Not only was I never asked to show my ID, checked against the internal database, or provided a badge, but, before the young man and I walked away, a guard behind the desk handed me a slip of paper that mysteriously read: \u201cSCREENED.\u201d I placed it in my pocket. We then took the next available elevator to the senior official\u2019s office.<\/p>\n<p class=\"graf--p graf-after--p\">Read the Remainder at <strong><a href=\"https:\/\/medium.com\/galleys\/why-your-secure-building-isn-t-f69f58ae0db1\">Medium<\/a><\/strong><\/p>\n<\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Better Security through Penetration Testing My book, Red Team: How to Succeed by Thinking Like the Enemy, provides the first in-depth investigation into the work of red teams in the military, intelligence, homeland security and private sectors, revealing the best practices, most common pitfalls, and most effective applications of their work. 
Below is an adaptation&#8230;.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1317,1132,1189,65,10],"tags":[1865,2839,2840,2841,2842],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/9272"}],"collection":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/comments?post=9272"}],"version-history":[{"count":0,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/9272\/revisions"}],"wp:attachment":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/media?parent=9272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/categories?post=9272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/tags?post=9272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}