CM-SEC is a security testing company that helps organizations evaluate how well their physical security, human security behavior, and related technical controls perform in real-world conditions. We focus on authorized assessments designed to identify weaknesses before they can be exploited by the wrong person.

CM-SEC provides authorized physical penetration testing, on-site social engineering testing, wireless and RF exposure assessments, OSINT exposure reviews, network penetration testing, and validation of certain existing security systems such as counter-UAS or drone-detection solutions already deployed by a client. Our goal is to help organizations understand whether their current security measures are actually working in practice.

Organizations with offices, campuses, warehouses, healthcare facilities, industrial environments, executive spaces, restricted areas, visitor workflows, access-controlled spaces, or sensitive operations can all benefit from this type of testing. If a business relies on people, policies, doors, badges, alarms, cameras, guards, or procedures to protect its environment, there is value in validating how those measures perform in the real world.

CM-SEC focuses on testing and validation, not just equipment, theory, or compliance language. We do not exist to pressure clients into buying hardware they may not need. We focus on evaluating what is already in place and determining whether it actually holds up under realistic conditions.

Because security controls often look stronger on paper than they do in practice. A company may have cameras, access badges, policies, visitor procedures, and employee training, but still have serious gaps in execution. CM-SEC helps identify those gaps before they become incidents.

No. CM-SEC’s work can include physical security testing, human-based security testing, wireless and RF exposure work, OSINT-related exposure review, and network penetration testing depending on the engagement scope. We focus on practical security validation across the areas most likely to matter in real-world operations.

Yes. In many cases, those are the organizations that benefit most from independent testing. Existing security measures should be validated, not assumed to be effective simply because they are installed.

Yes, when properly authorized. CM-SEC only performs work with clear written authorization, defined scope, and agreed rules of engagement. We do not perform unlawful or unsanctioned activity.

Physical penetration testing is an authorized assessment designed to determine whether an unauthorized person could bypass physical security controls or exploit process weaknesses in order to gain access to a building, restricted area, or protected space. It helps validate whether doors, procedures, access control measures, staff awareness, and facility protections are actually working.

It can uncover weaknesses involving unsecured entrances, poor visitor management, weak escort enforcement, ineffective badge checks, poor challenge culture, unlocked access points, side-entry exposure, procedural shortcuts, and the ability for an unauthorized person to move through a facility without being noticed or stopped.

Yes. Front desk workflows, visitor verification, sign-in procedures, escort expectations, and receptionist awareness are all common areas where real-world weaknesses appear. These are often some of the most important control points in a facility.

Yes. One of the most valuable parts of real-world testing is seeing whether employees question unfamiliar people, enforce access expectations, and react appropriately when something seems off. A written policy only matters if people follow it.

Yes, when authorized in scope. Tailgating and piggybacking remain some of the most common physical security failures because they rely on convenience, politeness, and routine rather than actual verification.

Yes. Depending on scope, testing can be performed during business hours, after hours, weekends, or other low-staff periods. Many facilities behave very differently outside of normal operating windows, and those differences can expose important weaknesses.

Yes, when those areas are included in scope. Secondary entrances, service access points, parking areas, and less-monitored approaches often create real opportunities for unauthorized access or unnoticed movement.

Not as a default service. However, if a client specifically wants to determine whether a structure or entry point can be breached using real-world methods, that type of testing may be considered under tightly controlled conditions.

Yes. Our staff has training relevant to real-world entry methods. That said, any forced-entry style validation would require detailed written authorization, clearly defined scope, additional documentation, and separate signed approvals before any such testing could take place.

Yes. If approved at all, it can be tightly restricted to specific targets, specific methods, and clearly defined boundaries. It can also be structured in a controlled or non-destructive way depending on the client’s needs.

Social engineering testing is an authorized evaluation of how people respond to realistic human-based scenarios. It helps determine whether trust, urgency, routine, authority, friendliness, or appearance can be used to bypass expected security procedures.

It can reveal whether employees verify identity properly, whether staff are too trusting, whether information is shared too freely, whether someone can obtain access through confidence or urgency, and whether written procedures are actually enforced under normal human pressure.

Yes, when included in scope. Different roles have different security responsibilities, and a strong engagement can help show whether those responsibilities are being carried out consistently.

Not at this time. CM-SEC is currently working through vendor relationships, service planning, and compliance considerations related to offering phishing-related services in the future, but it is not an active service today.

Not at this time as a formal live service. It is an area of future interest, but our current focus remains on authorized physical testing, on-site social engineering, and related security validation work.

Not at this time. CM-SEC recognizes the growing relevance of AI-enabled impersonation and deepfake-based social engineering, but we do not currently provide deepfake voice or video testing as an active service offering.

A wireless or RF exposure survey helps identify and explain wireless signals, nearby transmitting devices, and suspicious radio-frequency activity in or around a facility. It is useful for understanding technical exposure that may otherwise go unnoticed.

Depending on scope and environment, it may help identify unauthorized Wi-Fi devices, unexpected Bluetooth activity, suspicious transmitters, and other active signals that may create security concerns or deserve further review.

Yes, in some environments and depending on what is transmitting. An RF assessment may help identify hidden microphones, transmitting bugs, hidden cameras, or other suspicious devices operating in offices, conference rooms, executive spaces, or sensitive areas.

Yes. CM-SEC can perform network penetration testing as a standalone engagement or as part of a broader assessment, depending on the client’s needs and the approved scope.

Network penetration testing can help identify exposed services, weak configurations, segmentation issues, visibility gaps, reachable systems, and other technical weaknesses. It can also help validate how well monitoring and alerting are functioning when active testing is part of scope.

Yes, when authorized. Active scanning involves directly interacting with systems and networks to identify exposed services, open ports, reachable assets, and potential weaknesses. This work is always scoped and controlled.

Yes, when that is part of the approved objective. In some engagements, controlled active testing can be used to help determine whether a security team, SIEM, EDR, IDS, or other monitoring tools are seeing activity the way they are expected to.

Passive scanning is quieter and observation-based. It focuses on identifying information without directly interacting with a target in a way likely to trigger alerts. Active scanning involves direct interaction with systems, devices, or networks in order to validate exposure, identify weaknesses, or test detection and response. Passive work is lower impact and stealthier. Active work is more direct and more likely to generate logs or alerts.

Neither is universally better. It depends on the goal. Passive testing is useful when the client wants lower-impact assessment or stealth-focused observation. Active testing is useful when the client wants stronger technical validation, better asset exposure insight, or confirmation that defensive monitoring is functioning properly.

Yes. Many clients benefit from a phased approach that begins with passive observation and moves into active testing as needed. This allows the engagement to stay controlled while still producing meaningful technical insight.

An OSINT exposure review looks at publicly available information that may create real security risk for an organization. This can include employee details, building information, publicly exposed documents, images, naming conventions, and other information that could help an outsider plan an approach.

Because many real-world security problems begin before anyone shows up on site. Publicly available information can help an outsider understand how a facility operates, who works there, what language or pretexts may be believable, and what targets or workflows may be easiest to exploit.

Yes. OSINT can help shape realistic scenarios by revealing what an outsider could learn before making contact, visiting a facility, or attempting a pretext. It is often one of the most valuable parts of a real-world assessment.

Yes, depending on scope and client authorization. CM-SEC can help organizations evaluate whether their existing drone-detection or counter-UAS measures appear to be functioning as expected in real-world conditions.

Yes. This type of validation can help determine whether the system detects activity, whether alerts are generated properly, and whether the organization’s escalation procedures are functioning the way leadership expects.

Yes. In many cases, the human response matters just as much as the technology. Testing can help determine whether security personnel respond appropriately when alerts or drone-related indicators are present.

No. CM-SEC focuses on validating systems that clients already have in place rather than selling hardware. Our role is testing and security assessment, not equipment sales.

Clients typically receive a professional report explaining what was tested, what was observed, what weaknesses were identified, why those issues matter, and what improvements may be appropriate. Debriefs can also be included.

Yes. We focus on practical recommendations that clients can actually use. The goal is not to produce vague theory, but to give organizations clear next steps that improve security in the real world.

Yes. Retesting can be performed after corrective action has been taken to help validate whether previously identified weaknesses have been reduced or resolved.

Yes. CM-SEC can support recurring testing arrangements for clients who want ongoing validation over time rather than a one-time assessment.

Yes. Ongoing testing can be structured based on the client’s needs, such as every three months, every six months, once a year, bi-yearly, or on another agreed cadence depending on the environment and the client’s objectives.

Yes, discounted pricing may be available for recurring or ongoing testing depending on the engagement structure and client needs.

No. CM-SEC is not a private investigation firm and does not present itself as one. We are focused on security weaknesses, red team operations, physical penetration testing, social engineering validation, OSINT-related security concerns, and authorized security assessments.

Not at this time. CM-SEC is currently working toward stronger internal maturity and future compliance goals, but we are not SOC 2 compliant today. Our engagements are led by trained cybersecurity professionals and grounded in practical security thinking.

Our team brings experience in cybersecurity, network security, penetration testing, open-source intelligence, military experience, and fire department experience. That background supports a practical, disciplined, and mission-focused approach to security work, with emphasis on professionalism, real-world thinking, and controlled execution.