Security failures rarely come from cutting-edge attacks or sophisticated tools. They happen in ordinary moments when someone holds a door, follows an instruction without questioning it, or finds a workaround that makes their day easier. Those small, human decisions are often the real entry points, and they tend to compound over time. This episode picks up the second half of our conversation on exploiting trust with FC Barker, a veteran ethical hacker and physical security expert known for legally breaking into banks, government buildings, and high-security facilities around the world.

With more than 30 years of experience, FC explains why human behavior, not technology, is consistently the weakest link in security, and how his success in physical breaches almost always depends on people trying to be helpful rather than malicious. The stories he shares range from quietly unsettling to darkly funny, but they all point to the same pattern: security controls fail when they don't account for how people actually work.

The discussion goes deeper into why trust, politeness, and unquestioned compliance undermine defenses, how workplace culture encourages risky shortcuts, and what actually helps reduce risk without fear, blame, or expensive overengineering.

Show Notes:

• [00:00] FC explains why most physical security breaches succeed because someone is trying to be helpful, not because of technical skill.
• [02:07] His background in cybersecurity and how physical security testing grew out of traditional penetration testing work.
• [04:26] Why trauma and hypervigilance can sharpen situational awareness in security professionals.
• [08:55] Early physical security failures are discussed, including poorly placed cameras and people casually sharing sensitive information.
• [11:06] FC explains how security controls that interfere with work often lead employees to find unsafe workarounds.
• [13:24] A story illustrates how even air-gapped systems fail when people move data for convenience.
• [15:32] Trust and rule-following culture are explored as major contributors to physical access failures.
• [16:40] FC shares how his near-perfect success rate comes from people helping him gain access without questioning authority.
• [17:08] He recounts an incident where employees helped him remove multiple computers from a secure building.
• [19:40] A failed engagement is described where internal resistance led to police being called unnecessarily.
• [24:00] FC tells the story of accessing a vault and removing a gold bar during a test unknown to senior executives.
• [26:53] The preparation required for high-risk physical tests, including staged kidnappings, is explained.
• [31:50] Practical advice begins with learning to think like an attacker when assessing your own home or workplace.
• [34:02] Situational awareness is discussed as a key deterrent against both physical crime and social engineering.
• [36:13] FC explains why security cameras are more useful for investigation than prevention, especially in offices.
• [37:41] Camera placement mistakes are covered, including mounting cameras within easy reach.
• [39:06] The importance of not advertising valuables or security measures is emphasized.
• [41:30] FC discusses personal vigilance and why monitoring finances and subscriptions matters.
• [44:00] His book How I Rob Banks is discussed, including the real stories and lessons it contains.
• [46:06] FC explains how his company chooses clients and why culture change is a major part of their work.
• [50:29] Security improves when systems are designed around real human behavior.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Cygenta
• Dr. Jessica Barker
• FC aka Freakyclown - LinkedIn
• How I Rob Banks: And Other Such Places