For a long time I have been interested in real, actual, legitimate security. I am not a fan of the widespread use of security theater in our “post-9/11 world”, as Bruce Schneier calls it.
Integrisure was supposed to be a real-world pentesting of “secure” facilities, a la Sneakers. In late 2000 / early 2001, I was working on a business plan and the initial legwork to find out what licensing, certificationss, etc I would need to do security testing at locations like airports.
Integrisure never happened. You can’t google it (well, ok – you can google it now: but you’ll only find this blog post and a bunch of unrelated businesses).
The basic business plan was as follows:
- establish contacts among management and security directors at various business and government facilities
- establish time ranges when we can arrive onsite
- using a team of known, documented, anonymous-looking individuals, find holes in security environments
- using always non-destructive means, attempt to tail-gate, leave “suspicious” items in conspicuous and inconspicuous locations, gain access to authorized zones, etc
- have plausible stories pre-built if anyone was “caught”
- report the results of our simulated attack, including all positives as well as issues, and provide consulting to our client “target” on how they could improve their physical security
More detailed aspects of the planned business were discussed, and written down, between myself and a couple of other folks who wanted to start with me.
We had a start date planned: we would form the company in Jan 2002 (so our fiscal year would align with the calendar year). We had several initial employee/contractors identified – some current or former military members, technical folks, and others.
I had even contacted a couple local companies that did security guard services to see if this was something they would either like to offer as a service, or would help participate in coordinating with their contacts.
Life was looking good. I graduated in May 2001 with my AAS, had some solid job prospects in computer programming and IT work, and was lining-up who I expected would be a great team to start Integrisure’s activities.
Then 9/11 happened.
Airport “security” was federalized, my two front-running programming/IT jobs went on hold and/or laid people off (most of their customers were in downtown Manhattan), and suddenly private companies checking for holes in security were not going to fly. (Especially at airports! 🙂 )