Physical Security Intelligence
CoreBastion delivers practitioner-led security consulting for data centers and critical infrastructure — built on 25+ years of operational experience and a conviction that physical security must be engineered to the same resilience standards as the infrastructure it protects.
What We Do
We specialize where the stakes are highest — data center physical security, critical national infrastructure, and enterprise risk. Our work is grounded in a core conviction: physical security at mission-critical facilities must be designed and assessed against the same tiered resilience standards applied to power, cooling, and connectivity. Most organizations have never been asked that question. We ask it every time.
End-to-end security posture development for colocation, hyperscale, and edge data center environments. CoreBastion applies a tiered security framework aligned with IDCA infrastructure classifications — ensuring your physical security posture matches the resilience level your facility is built and certified to deliver. From perimeter architecture to MLZ-tier threat modeling, we close the gap between infrastructure investment and security reality.
Structured, evidence-based risk assessments grounded in operational reality. CoreBastion serves data centers, energy sector critical national infrastructure (CNI) including electrical substations, and active construction sites — environments where security is often an afterthought until it becomes a crisis. We assess drone threat exposure, construction phase vulnerabilities, and perimeter integrity against current threat vectors, delivering prioritized remediation roadmaps operators can execute.
Building security programs that align with enterprise risk tolerance and operational tempo. Policy, procedure, standards development with a focus on enforceability and practical adoption across operations teams.
Independent advisory for boards, executives, and technology vendors navigating the physical security landscape. Active participation in IDCA Technical Standards Committee.
The Firm
CoreBastion Security Consulting was founded on a single premise: the best security advice comes from people who have actually run security operations at scale — not from consultants working from checklists.
Our principal brings 25+ years of direct physical security experience, progressing from U.S. Air Force service through law enforcement, national retail, and into senior data center security leadership at Amazon Web Services.
CoreBastion operates from a conviction the industry has been slow to adopt: physical security must be tiered to match infrastructure resilience. A Tier IV data center protected by a Tier I security posture is not a Tier IV facility — it is a liability. We assess, design, and advocate for security programs that are engineered to the same standard as the systems they protect.
Our data center experience spans the full spectrum of facility types: hyperscale campuses, colocation and multi-tenant environments, edge and distributed compute nodes, nontraditional and purpose-built facilities, hybrid on-prem/cloud environments, and the emerging class of AI weight model / SCIF-derived high-security enclaves purpose-built to protect frontier AI training infrastructure and model weights against nation-state and advanced threat actors.
Our work extends beyond data centers into critical national infrastructure — energy substations, drone threat mitigation, and construction-phase security for major infrastructure projects where the attack surface is widest and protections are typically the weakest.
We advise clients who need decisions, not deliverables — organizations where the cost of a security failure is measured in operational disruption, reputational damage, and systemic risk to critical infrastructure.
How We Work
We move fast and stay practical. Every engagement begins with operational reality — not theoretical frameworks.
A focused intake to understand your environment, threat landscape, and what decisions you need to make. No forms, no intake portals — a direct conversation.
On-site evaluation using structured methodology. We document findings in real time, with georeferenced observations and photographic evidence where needed.
Findings are prioritized by actual likelihood and impact — not scored by generic matrices. You receive a clear, actionable picture of where your risk is concentrated.
Deliverable structured for both operational teams and executive stakeholders. We walk you through findings and stand behind our recommendations.
Connect
Paul Jankowski is the Co-Founder and Principal Consultant of CoreBastion Security Consulting, a firm specializing in physical security strategy for data centers, critical national infrastructure, and enterprise risk. With more than 25 years of experience spanning the U.S. Air Force, law enforcement, and senior corporate security roles at Amazon Web Services, Walmart, and Sears Holdings, Paul brings practitioner-level expertise to every engagement. He holds the IDCA Data Center Infrastructure Specialist (DCIS) designation and serves on the IDCA Technical Standards Committee.
Connect on LinkedInGet in Touch
If you are responsible for the physical security of data center infrastructure or critical enterprise assets, we should talk.
CoreBastion engagements are direct, focused, and built around your timeline. We do not carry a bench — when you engage CoreBastion, you work with the principal.
Frameworks & Publications
Practitioner-developed frameworks and reference documents for data center security, critical infrastructure protection, and AI-era physical security design.
A comprehensive defense-in-depth architecture for frontier AI, hyperscale, colocation, and edge data center environments. Seven-layer onion model cross-referenced against RAND SL1–SL5 and the Escalating Cyber-Physical Defenses maturity model. Covers perimeter design, CPTED principles, dual-fence intrusion detection, AI video analytics, SOC architecture, and model weight enclave design.
Six-document counter-drone reference suite covering vendor intelligence across 14+ companies, 27 defeat weapons systems (handheld through HPM), global defeat authority across 23 countries, physical hardening, fiber-optic drone countermeasures, the Ukrainian drone ecosystem, and U.S. government authority by agency and site. Includes FY2026 NDAA SAFER SKIES Act and the Epirus Leonidas HPM breakthrough.
57 vendors tracked across five segments: enterprise platform, pure-play AI, infrastructure, unified ops/PSIM, and security posture validation. Covers Ambient AI Pulsar VLM (GA November 2025), Brivo/Eagle Eye merger, Irisity U.S. airport contract, Verkada FedRAMP authorization, Milestone Hafnia VLM, Mistabra posture validation (category creator), and the full six-layer physical security AI stack from edge sensor through posture stress-testing.
Practitioner architecture guide for building a functionally equivalent system to commercial AI monitoring platforms using open-source VMS, cloud CV APIs, and LLM reasoning layers. Covers the four-layer architecture, Frigate NVR, YOLO, Claude API integration with working code, hardware requirements, SOC 2 implications, and a six-phase implementation roadmap.
28+ platforms across Physical Security Information Management, SIEM, GSOC orchestration, and converged operations. Covers the cyber-physical convergence trend, AI capabilities transforming GSOC operations, full pricing reference, and practitioner recommendations. Includes Genetec, Hexagon, Splunk, Microsoft Sentinel, Palo Alto XSIAM, AlertEnterprise, and Palantir.
22+ vendors across enterprise on-prem, cloud-native, credential hardware, and AI convergence tiers. LenelS2, C•CURE 9000, Genetec Synergis, Gallagher, Brivo, Verkada, HID Global, IDEMIA, and AlertEnterprise. Data center multi-zone architecture, identity lifecycle management, compliance requirements (SOC 2, NERC CIP, FISMA), and full pricing reference.
The U.S. grid has 55,000 transmission substations — most lack robust physical security. Physical attacks hit a record 185 incidents in 2023. Covers the full attack history, Ukraine's six-year battle-tested hardening doctrine, six-layer protection architecture, ballistic and drone defense vendors, NERC CIP-014 compliance gaps, and practitioner recommendations for what to do now.
Twenty practitioner convictions drawn from 25+ years across hyperscale, CNI, law enforcement, and the U.S. Air Force. Covers security program structure, the CSO model, cyber-physical convergence, the real attack surface, substation and fiber hardening, construction security, tiering doctrine, AI weight environments, guard force contracts, and the CICO process. Not a framework. Not a checklist. These are the things that cannot be negotiated away.
Practitioner reference covering the full perimeter security stack for data centers and CNI. Includes gray zone doctrine, zone architecture from exterior approach to red zone, fencing manufacturers (Gibraltar, Ameristar Impasse II, CLD 358, Betafence, Zaun), crash barriers, PIDS technology selection by site environment (Senstar OmniTrax, FlexZone, Southwest Microwave), exterior detection technologies, C-UAS platforms, autonomous patrol (Boston Dynamics Spot, Ghost Robotics Vision 60, Skydio, Percepto), VMS and alarm management, and a full system selection matrix by zone.
A practitioner analysis of the technical, economic, and operational considerations for colocation and hyperscale operators evaluating legacy facility upgrades for AI workloads. Covers the economic case for and against, separate analyses for AI inference versus AI training retrofit viability, a complete infrastructure upgrade reference from utility feed through rack-level power connections, cooling architecture options, and a structured site viability decision framework.
Practitioner checklist covering low-voltage infrastructure execution for data centers and large institutional environments. Contractor selection gates, vendor governance, pre-deployment sequencing, and the communication and walk-down discipline that holds projects on track. Includes escalation protocol for contractor non-performance and documentation requirements for project record integrity.
A proposed security posture framework arguing that Machine Learning Zone (MLZ) data center sites warrant a distinct, elevated security model compared to standard DC core or colocation environments. Covers threat delta, staffing model differences, access control architecture, and the case for treating MLZ as a separate security classification tier.
A practitioner's guide to building enforceable, progressive SLA structures for contract guard force operations in data center environments. Covers KPI design, escalation penalty models, post order enforcement, and alternative SLA structures borrowed from other high-reliability industries.
Intelligence Feed
Current developments in data centers, critical national infrastructure, physical security, AI model development, SMRs, and energy infrastructure.
Field Perspectives
Practitioner-level analysis on data center physical security, critical infrastructure, and the intersection of AI and physical security operations. Published on Medium.
The Robot on Post: How AI and Humanoid Robots Will Restructure the Contract Guard Force Industry
77% annual turnover. Some firms cycling through their entire workforce three times a year. AI and smart devices won't replace the guard force — they'll free human security professionals to do work that actually requires human judgment.
Read on Medium →Escalating Cyber-Physical Defenses: A Maturity Model for Frontier AI and Critical Data Infrastructure
A tiered maturity framework mapping physical security controls to facility criticality, from baseline perimeter hardening through SCIF-level enclave requirements for frontier AI model weight protection.
Read on Medium →The Future of AI and Security Forces in Data Centers: Building the Digital Fort Knox
As AI infrastructure becomes a strategic national asset, the security officer model must evolve. An examination of what armed, trained, and integrated security forces look like at hyperscale data centers.
Read on Medium →The AI Standard Wars: We've Seen This Before
The race to define AI security standards echoes past technology standards battles. A historical perspective on what the industry gets right and wrong when competing frameworks collide.
Read on Medium →Why Spend the Time and Effort to Break Into a Data Center When You Can Just Unplug It?
The most dangerous attack vector against data centers is not the front door. Terrestrial fiber, substation interdependencies, and grid-level exposure create soft targets that bypass hardened perimeters entirely.
Read on Medium →Data Center Physical Security Resiliency Framework
A structured framework for evaluating and hardening physical security posture across the full data center lifecycle, from site selection and construction through operations and incident response.
Read on Medium →Building Your Own AI-Augmented Physical Security Monitoring System
A practitioner-level walkthrough for standing up an AI-augmented physical security monitoring capability, covering architecture decisions, integration considerations, and operational deployment.
Read on Medium →AI-Powered Defense in Depth for Data Centers
Introducing VisionOps as an operational intelligence category that merges AI video analytics, automation, and unified security operations to shift data center physical security from reactive to predictive.
Read on Medium →The Future of Data Center Security: A Holistic Approach to Protecting Critical Infrastructure
Security embedded from day one rather than bolted on after the fact. A lifecycle view of data center physical security covering site due diligence, construction, and operational layered defense.
Read on Medium →