“Securing access to buildings, internal access points, and assets is typically handled by a corporate security group outside of IT and assumed to be secure. However, the process for evaluating technology that is implemented at the door is typically very different than how IT selects vendors, and the criteria for doing so are far more relaxed. The result is that many of the access points that are required to be secure, such as data centers, executive offices, R&D labs, dispensaries, even the front door, are more times than not fairly simple to subvert – and look like an authorized user while doing so. IT executives and InfoSec professionals have been relying on colleagues to execute security that meets their expectations; this has mostly failed them and largely remains to be identified, remediated, or even understood. Even the auditors who have signed off in various compliance areas (such as PCI for data center protection) are unaware. Gaining physical entry, going undetected, and taking possession is far simpler than most assume, and metrics for proper assessment are seldom assessed jointly with the stakeholders that depend on them. This session will discuss how physical security access control generally operates, from system infrastructure to credentialing and authentication. It will focus on understanding the general technology, its glaring flaws and how it can be repeatedly subverted across a corporate facility. By going through a demonstration, discussing best practices for remediation, and an opportunity for Q&A, the audience should be equipped to understand the risks in their environment and take action to interact with their colleagues in a meaningful way to begin to address the security gaps that have long been ignored. Additionally, we will overview advanced credentialing concepts that bleed into IT, such as secure element chips, cryptographic keys and contactless approaches that can be leveraged to suit both IT and Physical Access future requirements.”