If you haven’t heard yet that compliance is not security, you’re about to. This talk from two seasoned pentesters will navigate an engagement from zero to full systems takeover against a “hypothetical” target and will spill the secret beans on how you can get a truly valuable test, rather than just a scan that will let you check a compliance box. With an emphasis on pentesting as attack simulation through goal-oriented testing, we will journey from reconnaissance on an organization to lateral movement in an environment, along with examples of proven mitigations that help reduce impact when a breach occurs.