Physical Security Intelligence

SECURE THE
FOUNDATION.
PROTECT THE
INFRASTRUCTURE.

CoreBastion delivers practitioner-led security consulting for data centers and critical infrastructure — built on 25+ years of operational experience and a conviction that physical security must be engineered to the same resilience standards as the infrastructure it protects.

Request a Consultation View Research Library ↓ Our Services
25+ Years of Experience
USAF Veteran — U.S. Air Force
AWS Hyperscale Background
IDCA Technical Standards Committee

What We Do

CORE CAPABILITIES

We specialize where the stakes are highest — data center physical security, critical national infrastructure, and enterprise risk. Our work is grounded in a core conviction: physical security at mission-critical facilities must be designed and assessed against the same tiered resilience standards applied to power, cooling, and connectivity. Most organizations have never been asked that question. We ask it every time.

Data Center Physical Security

End-to-end security posture development for colocation, hyperscale, and edge data center environments. CoreBastion applies a tiered security framework aligned with IDCA infrastructure classifications — ensuring your physical security posture matches the resilience level your facility is built and certified to deliver. From perimeter architecture to MLZ-tier threat modeling, we close the gap between infrastructure investment and security reality.

Tiered Security Assessment Perimeter Design Access Control MLZ Security Guard Force Integration AI Video Analytics

Risk Consulting & Assessments

Structured, evidence-based risk assessments grounded in operational reality. CoreBastion serves data centers, energy sector critical national infrastructure (CNI) including electrical substations, and active construction sites — environments where security is often an afterthought until it becomes a crisis. We assess drone threat exposure, construction phase vulnerabilities, and perimeter integrity against current threat vectors, delivering prioritized remediation roadmaps operators can execute.

Site Risk Assessment CNI / Energy Infrastructure Substation Security Drone Threat Assessment Construction Site Security Threat Modeling Gap Analysis

Security Program Development

Building security programs that align with enterprise risk tolerance and operational tempo. Policy, procedure, standards development with a focus on enforceability and practical adoption across operations teams.

Policy Writing Standards Development Program Architecture Compliance Alignment

Expert Advisory & Standards

Independent advisory for boards, executives, and technology vendors navigating the physical security landscape. Active participation in IDCA Technical Standards Committee.

Board Advisory Vendor Evaluation Industry Standards Litigation Support

The Firm

BUILT BY OPERATORS.

CoreBastion Security Consulting was founded on a single premise: the best security advice comes from people who have actually run security operations at scale — not from consultants working from checklists.

Our principal brings 25+ years of direct physical security experience, progressing from U.S. Air Force service through law enforcement, national retail, and into senior data center security leadership at Amazon Web Services.

CoreBastion operates from a conviction the industry has been slow to adopt: physical security must be tiered to match infrastructure resilience. A Tier IV data center protected by a Tier I security posture is not a Tier IV facility — it is a liability. We assess, design, and advocate for security programs that are engineered to the same standard as the systems they protect.

Our data center experience spans the full spectrum of facility types: hyperscale campuses, colocation and multi-tenant environments, edge and distributed compute nodes, nontraditional and purpose-built facilities, hybrid on-prem/cloud environments, and the emerging class of AI weight model / SCIF-derived high-security enclaves purpose-built to protect frontier AI training infrastructure and model weights against nation-state and advanced threat actors.

Our work extends beyond data centers into critical national infrastructure — energy substations, drone threat mitigation, and construction-phase security for major infrastructure projects where the attack surface is widest and protections are typically the weakest.

We advise clients who need decisions, not deliverables — organizations where the cost of a security failure is measured in operational disruption, reputational damage, and systemic risk to critical infrastructure.

How We Work

ENGAGEMENT MODEL

We move fast and stay practical. Every engagement begins with operational reality — not theoretical frameworks.

01

Discovery Call

A focused intake to understand your environment, threat landscape, and what decisions you need to make. No forms, no intake portals — a direct conversation.

02

Site Assessment

On-site evaluation using structured methodology. We document findings in real time, with georeferenced observations and photographic evidence where needed.

03

Risk Analysis

Findings are prioritized by actual likelihood and impact — not scored by generic matrices. You receive a clear, actionable picture of where your risk is concentrated.

04

Remediation Brief

Deliverable structured for both operational teams and executive stakeholders. We walk you through findings and stand behind our recommendations.

Connect

FOLLOW THE CONVERSATION.

Paul Jankowski is the Co-Founder and Principal Consultant of CoreBastion Security Consulting, a firm specializing in physical security strategy for data centers, critical national infrastructure, and enterprise risk. With more than 25 years of experience spanning the U.S. Air Force, law enforcement, and senior corporate security roles at Amazon Web Services, Walmart, and Sears Holdings, Paul brings practitioner-level expertise to every engagement. He holds the IDCA Data Center Infrastructure Specialist (DCIS) designation and serves on the IDCA Technical Standards Committee.

Connect on LinkedIn
Paul M. Jankowski
PAUL M. JANKOWSKI
Co-Founder & Principal Consultant
CoreBastion Security Consulting

Get in Touch

READY TO ENGAGE?

If you are responsible for the physical security of data center infrastructure or critical enterprise assets, we should talk.

CoreBastion engagements are direct, focused, and built around your timeline. We do not carry a bench — when you engage CoreBastion, you work with the principal.

Frameworks & Publications

RESEARCH & THOUGHT LEADERSHIP

Practitioner-developed frameworks and reference documents for data center security, critical infrastructure protection, and AI-era physical security design.

Framework // 2026

AI Weight Data Center Physical Security Framework

A comprehensive defense-in-depth architecture for frontier AI, hyperscale, colocation, and edge data center environments. Seven-layer onion model cross-referenced against RAND SL1–SL5 and the Escalating Cyber-Physical Defenses maturity model. Covers perimeter design, CPTED principles, dual-fence intrusion detection, AI video analytics, SOC architecture, and model weight enclave design.

Perimeter DesignCPTEDAI Video AnalyticsSOC ArchitectureRAND SL Crosswalk
Read the Framework
Intelligence Suite // 2026

C-UAS Market Intelligence Hub

Six-document counter-drone reference suite covering vendor intelligence across 14+ companies, 27 defeat weapons systems (handheld through HPM), global defeat authority across 23 countries, physical hardening, fiber-optic drone countermeasures, the Ukrainian drone ecosystem, and U.S. government authority by agency and site. Includes FY2026 NDAA SAFER SKIES Act and the Epirus Leonidas HPM breakthrough.

C-UAS VendorsDefeat WeaponsGlobal AuthorityUkraine EcosystemSAFER SKIES Act
Open the Hub
Intelligence Report // 2026

AI Physical Security Intelligence Report

52 vendors tracked across five segments: enterprise platform, pure-play AI, infrastructure, unified ops/PSIM, and security posture validation. Covers the full battlefield visibility stack from edge sensors through agentic unified ops. Includes Mistabra (posture validation category), AlertEnterprise, SureView Immix, Ambient AI FY26 growth, Verkada FedRAMP authorization, and Milestone Hafnia VLM. Updated with 2025–26 M&A intelligence and market developments.

52 VendorsUnified Ops / PSIMPosture ValidationAgentic AICNI / Data Centers
Read the Report
Architecture Guide // April 2026

Building Your AI-Augmented Physical Security Monitoring System

Practitioner architecture guide for building a functionally equivalent system to commercial AI monitoring platforms using open-source VMS, cloud CV APIs, and LLM reasoning layers. Covers the four-layer architecture, Frigate NVR, YOLO, Claude API integration with working code, hardware requirements, SOC 2 implications, and a six-phase implementation roadmap.

AI ArchitectureComputer VisionClaude APIData SovereigntySOC 2
Read the Guide
Intelligence Report // 2026

PSIM, SIEM & SOC/GSOC Orchestration Vendor Intelligence Report

28+ platforms across Physical Security Information Management, SIEM, GSOC orchestration, and converged operations. Covers the cyber-physical convergence trend, AI capabilities transforming GSOC operations, full pricing reference, and practitioner recommendations. Includes Genetec, Hexagon, Splunk, Microsoft Sentinel, Palo Alto XSIAM, AlertEnterprise, and Palantir.

PSIM VendorsSIEM PlatformsGSOC OrchestrationInsider ThreatConvergence
Read the Report
Intelligence Report // 2026

Access Control Systems Vendor Intelligence Report

22+ vendors across enterprise on-prem, cloud-native, credential hardware, and AI convergence tiers. LenelS2, C•CURE 9000, Genetec Synergis, Gallagher, Brivo, Verkada, HID Global, IDEMIA, and AlertEnterprise. Data center multi-zone architecture, identity lifecycle management, compliance requirements (SOC 2, NERC CIP, FISMA), and full pricing reference.

22+ VendorsEnterprise ACSCloud AccessIdentity LifecycleData Center Zones
Read the Report
Intelligence Report // 2026

Substation Physical Security Intelligence Report

The U.S. grid has 55,000 transmission substations — most lack robust physical security. Physical attacks hit a record 185 incidents in 2023. Covers the full attack history, Ukraine's six-year battle-tested hardening doctrine, six-layer protection architecture, ballistic and drone defense vendors, NERC CIP-014 compliance gaps, and practitioner recommendations for what to do now.

Grid SecurityBallistic ProtectionUkraine DoctrineNERC CIP-014Drone Defense
Read the Report
Point of View // 2026

Paul's Non-Negotiables: 20 Principles for CNI & Data Center Physical Security

Twenty practitioner convictions drawn from 25+ years across hyperscale, CNI, law enforcement, and the U.S. Air Force. Covers security program structure, the CSO model, cyber-physical convergence, the real attack surface, substation and fiber hardening, construction security, tiering doctrine, AI weight environments, guard force contracts, and the CICO process. Not a framework. Not a checklist. These are the things that cannot be negotiated away.

Security LeadershipCNI DoctrineSubstation HardeningProgram StructureConvergence
Read the List
Coming Soon // 2026

MLZ Security Model: Elevated Posture for AI & Machine Learning Zones

A proposed security posture framework arguing that Machine Learning Zone (MLZ) data center sites warrant a distinct, elevated security model compared to standard DC core or colocation environments. Covers threat delta, staffing model differences, access control architecture, and the case for treating MLZ as a separate security classification tier.

MLZ Tier ModelGuard Force StaffingAccess ControlAI Infrastructure
In Development
Coming Soon // 2026

SLA Framework for Contract Guard Force in Data Center Operations

A practitioner's guide to building enforceable, progressive SLA structures for contract guard force operations in data center environments. Covers KPI design, escalation penalty models, post order enforcement, and alternative SLA structures borrowed from other high-reliability industries.

Guard Force SLAKPI DesignContract OperationsPerformance Management
In Development

Intelligence Feed

SECTOR NEWS

Current developments in data centers, critical national infrastructure, physical security, AI model development, SMRs, and energy infrastructure.

Fetching intelligence feed...