Episode 142: Learning Covert Entry with Brian Harris
In Episode 142 of the Layer 8 Podcast, the host dives deep into the world of covert physical penetration testing with Brian Harris, a seasoned expert with over 20 years of experience in both cyber and physical offensive operations. Harris shares insights from his flagship course, the Covert Access Team (CAT) program, which simulates real-world building intrusions through hands-on training in badge cloning, lockpicking, social engineering, drone reconnaissance, and team-based missions. He emphasizes that physical security is foundational—without it, cybersecurity is meaningless—and argues that the most effective assessments go beyond a single breach to uncover systemic vulnerabilities. Harris stresses the importance of tailoring tests to client needs, whether for budget justification, compliance, or due diligence, and warns against the 'James Bond' mindset of stealthy one-off breaches. Instead, he advocates for thorough audits, ethical data collection, and constant communication with clients. He also highlights the psychological aspect of security: attackers often succeed not through force, but through trust—like the 'box of donuts' social engineering tactic. The episode concludes with a call to action: develop one core skill, master the 'escape clause' of social engineering, and always prioritize the client’s long-term security over a flashy one-time win.
Physical security is the foundation of all security—no cyber defense matters if an attacker can walk into the building.
The most effective physical pen tests go beyond a single breach to uncover systemic weaknesses through comprehensive audits.
Social engineering is the most critical skill—never underestimate the power of a friendly smile and a box of donuts.
Always communicate with the client during an engagement; unexpected elements like robots or unsecured access cards can derail plans.
Most surveillance systems only record for 2–5 days, meaning a breach may leave no trace—making stealth more effective than force.
Introduction to Brian Harris and the CAT Course
“You're going to be cloning badges. You're going to be creating badges. You're going to be picking locks. You're going to be wearing disguises. You're going to be working with drones. You're going to be doing reconnaissance. You're going to be doing social engineering. Like everything that you might do to break into buildings, you're going to be doing it.”
The Psychology of Physical Penetration Testing
“You have to realize that most people, it's not their job to be security. And it's really easy. And you know, it's really easy to bamboozle people. You know, confidence, one or two props, you know, that's usually it.”
Beyond the One-Time Breach: The Value of Audits
“If you run a pen test, like when you social engineer your way into a building, you may and likely won't find out that, oh, well, by the way, when an employee is fired or they quit their job, we don't actually deactivate their access cards.”
The Legal and Ethical Boundaries of Data Collection
Harris outlines the legal risks of recording audio or video inside buildings, especially under laws like GDPR in Europe. He warns that even if you’re inside a building, recording employees without consent—even if it’s for a report—can lead to serious legal consequences. He recommends using remote PIR sensors for motion detection instead of visual or audio recording.
The Real Threat: Insider and Long-Term Infiltration
“It's literally that simple. Right? It's what I jokingly refer to as the trusted method of infiltration.”
“The one skill that is non-negotiable for any infiltration team is an escape clause. And that's social engineering, right? The ability... to talk your way out of any problem.”
