The Seams Between Domains
Consider what happens when an employee leaves. IT disables their accounts and reclaims their laptop; facilities deactivates their building pass; HR handles the paperwork. Each department does its job correctly. But the contractor keyfob they were once lent, the personal phone still enrolled to collect company mail, the shared team password they knew by heart, the administrator account created for a one-off project two years ago and never removed - these fall between the three, because they belong cleanly to none of them. Every domain is covered, and the departed employee still has a way in. This is the same failure as the uncoordinated suppliers described under our Security Advisor service, now inside your own walls: security lives in the interactions between domains, and the interactions are exactly what no single departmental owner is responsible for. The same pattern runs through physical security - an intruder who follows a colleague through a controlled door, sits down at an unlocked workstation, and finds its disk unencrypted has quietly defeated three separate controls that three separate people each believed were sufficient on their own. A CSO owns those seams, and we test them the way an attacker would: end to end, across the boundaries your organisation chart draws.