The evolving complexity of modern infrastructures calls for more than traditional pen testing. In this session from the Take Command 2025 Virtual Cybersecurity Summit, red team experts shared how organizations are using continuous testing to outpace attackers — and better prepare their teams to respond in real time.
Hosted by Karl Lankford, Senior Director of Sales Engineering at Rapid7, the panel featured:
- Aaron Herndon, Principal Security Consultant, Rapid7
- Will Hunt, Co-Founder of In.security
Together, they broke down how red teaming has evolved from “can we get in” to “how well can your team respond when we do.”
Red Teaming vs. Pen Testing: Different tools for different jobs
Pen testing is valuable but it’s not red teaming. The panel made that distinction early on.
Aaron Herndon explained:
“Red teaming is objective-based. The purpose is to evaluate how your organization detects, responds, and recovers from a simulated attack.”
Unlike pen testing, which focuses on vulnerabilities, red teaming challenges the full scope of an organization’s readiness, from detection and alerting to human response under pressure.
Detection and response are the real metrics
Red teaming isn’t just about proving an attacker can gain access. It’s about measuring whether your security team sees what’s happening and knows how to respond.
As Will Hunt put it:
“Red teaming isn’t about proving we can get in — it’s about how well your team responds.”
That response might include incident playbooks, canary tokens, or anomaly detection across the kill chain. The key is uncovering gaps before a real attacker does.
Red teaming has to reflect reality
The panel stressed the importance of tailoring red team engagements to reflect current attacker behavior. From social engineering to cloud identity abuse, threat actors are no longer just scanning networks — they’re targeting people, workflows, and business processes.
Aaron Herndon highlighted:
“If you’re not testing across your full attack surface — including SaaS and cloud — you’re missing how attackers are actually operating.”
Survey insight: red teaming resonated
The value of this discussion was reinforced by attendees. In post-event feedback, several cited red teaming as one of their most insightful takeaways, including the emphasis on working alongside threat intel teams to strengthen response preparedness.
Red teaming without a red team
Not every organization has the resources to build a formal red team. But that doesn’t mean they can’t benefit from red team-style testing. The panel offered suggestions including:
- Partnering with third-party services
- Running tabletop exercises based on real attack scenarios
- Aligning detection engineering efforts with known threat TTPs
Watch the Full Session On Demand
If you’re looking to evolve your security validation efforts and bring more realism to your incident response strategy, this session delivers direct, tactical insights.