Offensive talks are easy, I know. But the goal of offensive security at the end of the day is to make us better defenders. And that’s hard. Usually after the pentesters (or worst – red team) leaves, there’s a whole lot of mess of vulnerabilities, exposures, threats, risks and wounded egos. Now comes the money time – can you fix this so your security posture will actually be better the next time these guys come around?