Before initiating a physical security breach as part of a penetration test, what step should be taken to ensure the test is effective and within scope?

A pre-engagement site survey is essential to plan a physical security test. By walking the site and inspecting fences, gates, access controls, cameras, alarms, lighting, and guard postings, you map the actual security layout and how these measures interact with people and procedures. This gives you a clear picture of what you’re allowed to test, where you can operate safely, and how to design the exercise to meet the client’s objectives without overstepping bounds. It also helps identify safety risks and coordination needs with the site team, so the test remains controlled and lawful. Without this step, you might test the wrong areas, miss critical controls, or violate permissions. Focusing only on digital controls ignores the physical layer, and attempting any breach without proper written authorization beforehand would breach policy and create risk.