Enjoying the content? Let us know your feedback!

Today we're tackling a question I get asked constantly: "Should we do a pentest, a red team engagement, or a vulnerability assessment?"

These terms get thrown around interchangeably, but they're actually very different things with different goals, different costs, and they're appropriate for different situations. Choosing the wrong one can either waste money on overkill testing or leave you with a false sense of security.

Here's the reality: most organizations need all three at different times. But if you're trying to figure out where to start, you need to understand what each one actually does.

https://www.sans.org: Penetration Testing: The Shift to Red Team and Purple Team Strategies

-https://nvlpubs.nist.gov: Technical Guide to Information Security Testing and Assessment

Be sure to subscribe!
You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes in there too.