You have two types of prospect customers in the world of Red Teams: Those that believe they need help and are willing to invest in proper security, and those that believe their security is the best but since it's required by their oversight they will hire a security consultant to *try* to find security vulnerabilities.
The former are easy to convince that they need to perform different tests, including a physical penetration test. The latter... Well, those take some convincing to do.
I can show them presentations and hard data on why their security is lacking but they are too confident that their security is so good that they won't listen. In these cases I have to show them first hand. I usually would ask for permission to try to penetrate their building/network but sometimes I do it and then show them.
This last customer I had to convince authorized me to, quote: "try to bypass my security guards, I dare you...". Read More