A physical penetration test is often imagined as a contest: can the tester get in or not. That framing makes for a good story and a poor assessment. The interesting question is never whether a determined person can find a way in. It is why the way in existed, and what that says about everything else.
Our physical assessments evaluate how effectively controls operate under realistic conditions. We examine entry points, control measures, and the human factors that shape how security is applied day to day, all in a controlled and agreed manner.
Most successful physical compromises do not defeat a control; they exploit a behaviour around it. A door propped for convenience, a visitor waved through on the strength of a confident manner, a process followed perfectly until the moment it is inconvenient. These routine assumptions quietly create access pathways that no audit of the controls themselves would reveal.
That is why the most useful findings from a physical test are usually behavioural. The lock worked; the habit did not. The badge system functioned; the willingness to challenge a stranger had eroded. These are fixable, but only once they are seen.
A good test produces a structured report of observed weaknesses, the risks they create, and practical measures to strengthen both controls and behaviours. The behavioural recommendations tend to be the ones that endure, because they address the conditions that would otherwise recreate the same weakness next month.
Read alongside a threat and vulnerability assessment, a physical test grounds the wider findings in what actually happened when someone tried.
Threat Advisory is the threat and behavioural advisory practice of Jayde Consulting. Technical Surveillance Countermeasures are delivered by the parent practice.
