We don’t break in, we badge in

We don’t break in, we badge in

From Cyberside Chats: Cybersecurity Insights from the Experts by Chatcyberside

April 7, 2026 · 29 min · Episode 67

About this episode

Matt interviews Tom and Derek about how attackers often gain access to organizations through social engineering rather than technical hacking.

In this episode, Matt interviews Tom and Derek from our pen test team to break down why attackers often don’t need to hack their way in at all. While most organizations invest heavily in tools like EDR and SIEM, Tom and Derek share how they regularly get inside buildings using nothing more than confidence, a good story, and sometimes even a box of donuts. From posing as copier technicians to tailgating behind employees, their experiences show that people are often the easiest way into an organization. And once they’re in, things escalate fast. Physical access can quickly turn into network access, whether it’s plugging in a device, jumping on an unlocked workstation, or moving through the environment with far fewer restrictions than an external attacker would face. The big takeaway is simple. Real-world testing exposes what audits miss. Doors get propped open, employees try to be helpful, and small gaps add up in ways most organizations never see on paper. If you’re not testing your people and your physical controls, you’re only testing part of your security. Key takeaways: 1. Attackers target people first, not systems - Social engineering consistently bypasses even mature…

People in this episode

Host: Matt

Guests: Tom, Derek

Topics covered

  • social engineering
  • physical security
  • penetration testing
  • cybersecurity
  • organizational risk

Keywords

  • penetration testing
  • social engineering
  • physical access
  • cybersecurity risks
  • employee training

More episodes of Cyberside Chats: Cybersecurity Insights from the Experts

Explore listener stats, chart rankings, contacts and more on the Cyberside Chats: Cybersecurity Insights from the Experts podcast page.