Service Line · 04 / 07 · Assessment · Program
Physical Security Consulting
Most physical security work in mid-market is equipment-led — more cameras, more access control, more binders. Ours is threat-led. We start with who and what the organization actually needs to defend against, then design the program backward from there.
— The difference
Physical security assessments done by former law enforcement find what they know to look for. Assessments done by people who have planned operations against hardened targets find what your adversary looks for. Those are not the same list.
— Overview
A physical security program is only as good as the threat model underneath it. Most mid-market physical security work starts with an equipment wish list — a vendor recommends cameras and access control, the company purchases them, and the result is a system that was never designed around a specific adversary or a specific set of scenarios. The gaps this approach leaves are often obvious to anyone trained to find them.
Our approach begins with a threat model — who is most likely to attempt what, against which assets, using what methods. That model drives the assessment, and the assessment drives the recommendations. The result is a security program that protects what actually needs protecting, rather than one that creates the appearance of security without the substance.
We also provide executive protection advisory for leaders who face elevated personal risk — either because of their position, their public profile, or a specific threat situation. This includes travel security planning, residential security assessment, and OSINT-based digital exposure analysis. Many executives are surprised by what a structured open-source intelligence review reveals about their personal digital footprint.
— How we work
The engagement from first call to final deliverable.
Four phases · scoped individually to the client
- — 01
Threat Modeling
Before visiting a site, we establish the threat model — the realistic adversary scenarios the security program needs to address. This shapes everything that follows. A retail location's threat model looks very different from a financial services office or a C-suite executive's residence.
- — 02
Site Assessment
We conduct a structured walk of the facility, evaluating perimeter security, access control, CCTV coverage, lighting, visitor management, emergency egress, and CPTED factors. We look for what an adversary would find — not what a compliance checklist asks about.
- — 03
Findings & Recommendations
We deliver a written report with prioritized findings — organized by risk level, not cost — with specific, actionable recommendations for each. We distinguish between quick fixes, medium-term investments, and structural improvements so you can sequence remediation against budget and risk tolerance.
- — 04
Implementation Support
For organizations that want support beyond the assessment, we provide implementation advisory — vendor selection, policy development, staff training, and program monitoring. We can be engaged as a fractional security director for organizations that need ongoing guidance without a full-time hire.
— Investment
Transparent pricing. Scope drives the number.
Ranges shown reflect single-location mid-market engagements. Multi-site, complex, or urgent engagements are scoped individually. A thirty-minute consultation is the fastest path to a written proposal.
Physical Security Assessment
Single site; multi-site and campus assessments priced on scope
$3,500 – $8,000
Security Program Design
Policy library, SOPs, staffing model, vendor guidance
$7,500 – $20,000
Executive Protection Advisory
Travel security, residential assessment, OSINT exposure review
$2,500 – $5,000
Ongoing Advisory Retainer
Fractional security director; on-call advisory, annual program review
$2,000 – $4,000 / month
— Common questions
What clients ask before they engage.
How is a threat-led assessment different from a standard security audit?
A standard security audit checks whether equipment is present and policies are documented. A threat-led assessment starts by asking who would try to breach this facility, how, and under what circumstances — then evaluates the program against those specific scenarios. The gaps that matter are often invisible to a checklist-based audit and obvious to a scenario-based assessment.
We have cameras and access control. Do we really need an assessment?
Cameras and access control are tools. They are only effective if they are positioned correctly, monitored appropriately, and integrated into a program with clear protocols for response when something is detected. Many organizations have significant technology investment that creates minimal actual protection because the human and procedural elements aren't there.
What does an executive protection advisory engagement cover?
It typically covers travel security protocols (pre-travel threat assessment, in-country resources, communication plans), residential security assessment, and an OSINT review that identifies what is publicly available about the executive — home address, family information, daily routines — that could be exploited by a threat actor. Many executives are surprised by what this review surfaces.
— Related capability
Often engaged alongside physical security consulting.
— Engage
Let's talk about scope.
Pricing and timeline vary with the size of your organization, the maturity of the existing program, and the outcome you're engineering toward. A thirty-minute consultation is usually the fastest way to a written proposal.