Red-teamers find the gaps between security controls and visibility, whereas the pentest typically surfaces problems within specific controls. For practitioners who have to choose between a pen test or red team engagement, it comes down to the maturity of your security program and the questions you want to answer.

As a red teamer, I am frequently asked, “Should I do a pentest or hire a red team?” My response is always the same: that’s not entirely the right question. …

David Wolpoff (moose)

moose. co-founder @randori. red-teamer. security can’t be fixed. practice how you fight.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store