InfoSight's Social Engineering & Physical Security Testing is a red-team consulting service that simulates human-targeted and physical attack vectors to identify security gaps across an organization's people, processes, and facilities. The service covers multiple attack vectors, including email phishing simulations, SMS/WhatsApp vishing campaigns, telephony impersonation, USB and malware implant tests, tailgating and badge cloning drills, dumpster-dive and shred audits, website-clone and watering-hole URL attacks, and suspicious-object and emergency response exercises. Engagements follow a structured methodology: - Reconnaissance and profiling using open-source and internal intelligence to build realistic attack scenarios - Multi-vector assault deployment across email, SMS, voice, webhooks, and on-site breach drills - Physical breach drills targeting badge systems, CCTV blind spots, and visitor management workflows - AI-enhanced social tactics including deepfake video and custom domain usage Deliverables include employee susceptibility scores broken down by role, team, and location; a tailored training roadmap addressing identified behavior gaps; a physical security gap analysis covering doors, cameras, and visitor management; and executive-ready reports aligned to NIST 800-53, ISO 27001, and HIPAA human-control requirements. Engagements are conducted by U.S.-based personnel holding certifications including CISSP, CEH, and OSCP. The company holds SOC 2 and ISO 27001 certifications. Flexible engagement models are available, including full-scope, micro-tests, and seasonal assessments.