Real-world security testing for facilities, people, and the environments behind them.
CM-SEC is a San Diego-based security testing company focused on authorized, controlled, real-world validation. We help organizations understand whether their physical security, human security behavior, access workflows, exposed information, wireless environment, and connected systems actually hold up the way leadership expects.
Who We Are
CM-SEC exists to answer a simple question: could an unauthorized person reach what matters without being detected, challenged, or stopped? Many organizations already have cameras, policies, badges, doors, visitor procedures, security staff, and technical controls in place. What they often do not have is a real-world validation of how those measures perform under realistic conditions. That is where CM-SEC comes in.
What Makes CM-SEC Different
We do not lead with assumptions. We test them. CM-SEC is not built around vague theory, generic consulting language, or pushing hardware first. Our work is centered on disciplined, authorized testing that helps clients see where trust, access, process enforcement, physical protection, and technical visibility break down in practice — and what to do next.
What We Do
Authorized Physical Penetration Testing
We validate how well physical controls actually perform, including entry points, visitor handling, restricted areas, challenge culture, escort expectations, and after-hours exposure.
On-Site Social Engineering
We test whether trust, appearance, routine, urgency, or confidence can be used to bypass expected security behavior and move deeper into an environment.
OSINT, Wireless & RF Review
We examine public exposure, nearby wireless activity, Bluetooth presence, suspicious signals, and other environmental indicators that may create risk before or during an incident.
Network & Internal Security Testing
We support deeper security validation through network pentesting, internal exposure review, device visibility checks, and practical assessment of how systems and monitoring behave under controlled activity.
How We Work
Authorized & Scoped
Every engagement is built around written authorization, defined scope, controlled conditions, and clear rules of engagement.
Professional Field Execution
Our testing is structured, deliberate, and conducted with operational discipline. We focus on realism without creating unnecessary disruption.
Evidence-Based Findings
We document what was tested, what was observed, where weaknesses were confirmed, and why those weaknesses matter.
Remediation & Retest
Our goal is not just to identify problems. It is to help clients correct them, strengthen operations, and validate improvements over time.
Training, Certifications & Technical Development
CM-SEC testing personnel maintain ongoing development through advanced cybersecurity certifications and training across hands-on forensics, detection, pentesting, OSINT, infrastructure security, and cloud security.
Investigating Windows Endpoints
Endpoint forensics and Windows investigation training.
Cyber Dark Arts
Advanced cybersecurity training from the Cybersecurity and Infrastructure Security Agency.
Advanced Computer Forensics
Forensic methods and investigative analysis training.
Threat Handling Certificate
Threat identification, handling, and response foundations.
Certified Information Systems Security Professional (CISSP)
Advanced security leadership and systems security certification.
GIAC Information Security Fundamentals (GISF)
Foundational information security certification.
GIAC Foundational Cybersecurity Technologies (GFACT)
Core technical security concepts and cybersecurity technologies.
Practical OSINT Research Professional (PORP)
Open-source intelligence research and investigative methodology.
CompTIA Security Analytics Expert (CSAE)
Stackable certification path focused on advanced security analytics capability.
CompTIA Secure Infrastructure Expert (CSIE)
Infrastructure-focused stackable security certification path.
CompTIA Advanced Security Practitioner (CASP+)
Advanced practitioner-level cybersecurity certification.
CompTIA Secure Cloud Professional (CSCP)
Cloud-focused stackable security certification path.
CompTIA Cloud+
Cloud infrastructure, administration, and security knowledge.
CompTIA Network Security Professional (CNSP)
Stackable path focused on network security capability.
CompTIA Security Analytics Professional (CSAP)
Security analytics and defensive review stackable certification path.
CompTIA Cybersecurity Analyst (CySA+)
Detection, analysis, and threat-focused cybersecurity certification.
CompTIA Network Vulnerability Assessment Professional (CNVP)
Stackable vulnerability assessment-focused certification path.
Cybersecurity Professional Penetration Tester
Penetration testing and offensive security training path.
CompTIA PenTest+
Penetration testing and vulnerability assessment certification.
CompTIA Security+
Core cybersecurity certification covering practical security fundamentals.
Security should be validated — not assumed.
CM-SEC helps organizations understand where real-world weaknesses exist before the wrong person finds them first. If you want to know whether your controls hold up under realistic conditions, CM-SEC is built to help you find out.