Data Center Knowledge: Bugs in the Data Center: How Social Engineering Impacts Physical Security
On June 9, 2022, NetSPI Security Consultant, Dalin McClellan, was featured in an interview on Data Center Knowledge called Bugs in the Data Center: How Social Engineering Impacts Physical Security. Read the preview below or view it online.
+++
One data center management team learned the hard way that bugs can be a menace – or, to be more specific, the people who hunt them. And we’re talking about real, six-legged bugs, not the computer kind.
It started last November when NetSPI, a Minneapolis-based penetration testing firm, was hired to do a test by a company that owned several colocation facilities. NetSPI’s job was to use social engineering to physically breach the data center, with the objective to get into one of their facilities and into a position where they could access the networks.
“This was a highly secured facility,” said Dalin McClellan, senior security consultant at NetSPI. “All the doors have retina scanners and badge readers. And there are man traps. You go through the door into a small room and wave to wait for the first door to close before you can open the second door and come in.” That means that McClellan’s team couldn’t just follow someone into the building. Worse yet, there are only two employees who work at the facility, plus a security guard. Strangers would immediately stick out. “Plus, we only had a week to prepare,” said McClellan.
Normally, what NetSPI would conduct deep research on the facility, find out about all the external visitors who are allowed in, collect copies of stationary and get sample email, and connect with the employees via social media or other channels. They typically start with Google, the company’s own website, LinkedIn, and then proceed to learning anything and everything they can about the facility and about the people who work there.
“And we would do physical reconnaissance, where we sit in a car outside the building and watch employees go in and out, and watch vendors go in and out,” he said. “Normally, this could take up to several weeks.”
But the client only gave them a week.
Read the full story online to discover how the social engineering engagement fared!
Explore More News
NetSPI Expands Suite of AI-Powered Continuous Pentesting Services as Organizational Attack Surfaces Grow
NetSPI expands suite of Human-Led, AI-Powered Continuous Pentesting Services, including a first-of-its-kind AI Findings Validation service, as well as continuous testing for web applications and internal networks.
AI’s Role in the Next Era of Pentesting
This article discusses how AI can accelerate penetration testing, but without human expertise to validate findings and apply business context, organizations risk confusing faster output with stronger security.
Why Continuous Security Validation is Becoming a Security Imperative
CTO Magazine interviewed NetSPI's Field CISO, Nabil Hannan, for a June 11, 2026, article about how cloud-native architectures, continuous deployment pipelines, APIs, and AI-assisted development have accelerated change across enterprise environments.