You're an information security professional and need to make sure that your digital assets are secure. You are on top of it.
However, you leave the decisions of securing your physical assets (servers, HSMs, racks, backup, etc.) to someone else. Are you aware of what systems are preventing someone from getting through your data center doors? How they are built and implemented? Probably not, and neither is your auditor.
These systems are built by vendors that do not come from the IT world and that too often do not subscribe to the same information security or DevOps principles that you require. Default passwords, open ports, and broken crypto (or no crypto) are fairly normal, hidden behind obscurity. Terry Gold presents at DerbyCon, a premier HackerCon, on how these systems can be exploited, the impact, and how to assess what you don’t know – and should.
A recording of the presentation is available at Irongeek.com.