Human Error: the hidden threat to physical security

November 12th, 2025 | Bucharest

Over 80% of security incidents involve human error and overlooked procedures. 

When we think of cybersecurity, hooded hackers and remote attacks are often the first things that come to mind. But statistics show that over 80% of security incidents involve human error and overlooked procedures. 

This hands-on workshop at DefCamp dives into the often ignored world of physical security, where a lack of awareness, poor habits, or simply skipping steps can lead to major breaches. We’ll explore real-world attack techniques, dissect incidents caused by procedural failures, and train you to identify and mitigate these human vulnerabilities. 

Strengthen your defense by securing the real weakest link: people. Join us and learn practical strategies that go far beyond the digital perimeter!

Why is this workshop relevant?

While digital defenses are constantly evolving, physical security and the human element remain the weakest links in organizational cyber resilience. 

Modern attackers frequently exploit physical access and employee mistakes to breach systems, issues often overlooked in traditional cybersecurity training.

This workshop provides hands-on, real-world experience with physical security threats and practical solutions to safeguard an organization. 

Attendees will walk away with actionable strategies, a deeper understanding of human risk factors, and the skills needed to create a truly holistic security culture. 

Defending beyond the screen is a must – make sure your defenses don’t end at the server room door!

Workshop agenda

  • Definition of physical security in cybersecurity, real-world examples, what’s often overlooked.
  • Tailgating, dumpster diving (case study), targeting unattended equipment, demo of device planting.
  • Badges, biometrics, CCTV, social engineering, case studies, human factor discussion.
  • Server rooms, mobile/workstations, network infrastructure, sensitive zones, floor plan risk exercise.
  • How to investigate and respond, log review, IT & security collaboration, incident simulation.
  • ISO/IEC & NIST frameworks, OWASP, organizational checklists, integrated security discussions.
  • Key takeaways, open questions, resources for further study.

About the trainer

CRISTIAN IOSUB

Cristian Iosub is an auditor at White Hat Technology, a company specialized in penetration testing and physical security audits. His expertise covers a wide range of security domains, from incident response and digital forensics to real-world physical breach simulations such as tailgating, piggybacking, and rogue device planting.

Beyond his professional work, Cristian is the founder of CyberShield, an NGO dedicated to cybersecurity awareness, and CyberSkill.ro, an educational platform providing structured courses on identity theft, social engineering, online fraud, and ransomware. Through these initiatives, he has trained hundreds of students, professionals, and organizations in Romania, making complex security concepts accessible and practical.

At DefCamp, Cristian brings his experience from both field audits and educational programs, designing interactive workshops where participants can explore hands-on techniques used in physical and cyber attacks, along with the corresponding defense mechanisms.

Who is it for?

This workshop is designed for Intermediate to Advanced participants with an interest in the intersection of physical and cyber security. It’s especially suitable for:

  • Cybersecurity Professionals (Red Team / Blue Team) interested in integrating physical attack vectors into their scenarios
  • SOC analysts and Pentesters seeking to understand and exploit physical vulnerabilities in IT infrastructures
  • IT Managers and System Administrators responsible for protecting critical infrastructure and enforcing security policies
  • Security Coordinators and Risk Managers charged with safeguarding organizational assets and incident response planning
  • Researchers and Security Practitioners investigating hybrid attack methods and physical-digital compromise scenarios
  • Enthusiasts and Students aiming to expand their practical knowledge of how human error, lack of procedures, or overlooked physical controls can open the door to major breaches

No prior experience in physical security is required, but participants should have a foundational knowledge of cybersecurity concepts and terminology. 

The workshop blends real-world attack demonstrations, practical exercises, and best practice frameworks, making it invaluable to professionals aiming to bridge the gap between physical and digital security domains.

Key learning objectives: 

✔ Recognize common forms of human error and physical security weaknesses that can lead to IT infrastructure breaches

✔ Identify and exploit real-world physical attack vectors, such as tailgating, lockpicking, and dumpster diving

✔ Apply best practices and develop effective procedures to bolster physical security and minimize human-driven risks

✔ Respond to and mitigate incidents resulting from procedural or human failures

✔ Conduct risk assessments to evaluate and strengthen physical security posture in an organization

Other information & prerequisites

Participants should have a basic understanding of information security concepts and general knowledge of how IT infrastructures function (e.g., what server rooms, workstations, and network equipment are). Familiarity with common security terminology, organizational procedures, and risk management practices will be helpful but is not mandatory.

No prior experience in physical security, social engineering, or penetration testing is required. This workshop is accessible to all security-minded professionals eager to learn how physical vulnerabilities and human factors impact overall cybersecurity.

Technical requirements for attendees:

Participants should bring a smartphone with internet access for interactive activities and quick online lookups.

No laptops or specialized equipment required.

All necessary materials for exercises (paper and pens) will be provided on site for brainstorming and hands-on activities.

No specific software installations or online accounts are needed prior to the workshop.

Estimated Workshop Duration: 5 hours

This range ensures everyone has enough space to participate comfortably in interactive activities, group discussions, and hands-on exercises – without feeling crowded.

Language of Instruction: Romanian / English / Hungarian.

Participation fee: EUR 250

FAQs

If we do not meet the minimum number of participants, you can either transfer to another workshop, paying or being refunded any difference in price, or opt for a full refund. You will be notified in advance and given options to choose what works best for you.

The workshop price covers food. Accommodation is not included, but we can recommend nearby options for your convenience.

Yes, full refunds are available up to 15 days before the workshop start date. However, if you cancel after that, we can offer only 50% of the price.

You will receive an email with all the necessary details, including the workshop location, prerequisites, and schedule, at least one week before the event. If you have any immediate questions, feel free to reach out to us directly.