2.1. Building the Operating Team

The operating team actually carries out the physical penetration and members can be divided into different roles with different responsibilities and areas of expertise. The team makeup will vary with each test as no two are alike; consequently, it is not enough to build one team and hope for the best. This must be done in the planning phase for every test. Financial and other practical considerations make it likely that these roles will overlap and team members will assume more than one role even within a single test.

2.1.1. Operator

Operator is a generic term used to refer to a core member of the operating team. This term is used to refer to all team members regardless of their specialties or roles. The basic operator role is where everybody starts before training in a specialist field. Though all team members may accurately be referred to as operators, these are usually the people who directly participate in testing rather than in a support role. As I say, the term is generic and does not imply expertise in any given role.

2.1.2. Team Leader

This team member has the ultimate responsibility for delivering the assignment, managing the project and team members, liaising with the client, and so on. This role shouldn't be permanent but cycled. This gives everyone leadership experience and encourages fresh approaches. The team leader usually leads the team in the field but sometimes this needs to be done from headquarters (HQ) where he takes the ...

Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.