Getting your organization ready for a Red Team engagement is on par with getting ready for the worst the world might throw at you.
Red Team testing is like training to be a professional boxer — you have your goal to be the best boxer in the world, you want to dominate your opponents and have world class defense to minimize risk from long term damage. First, you start eating healthy — a start similar to a vulnerability assessment. Then you want to start getting more specific, so you begin hitting the punching bag — that's a penetration test. You want to check for further weaknesses so you hire a trainer — that's an advanced penetration test. Finally, it's time to step into the ring, and spar for a few rounds — that's a Red Team test.
This article is intended to give a detailed look at the value Red Team tests provide over other types of technical testing and provides guidance on determining whether you are ready for one or not.
