Penetration tests rarely improve a client’s security. We know this because last year’s test feels horribly close to this year’s. In terms of value to the business, they fall flat in most ways – they are misunderstood from the start, during the test, and at the report. We want to dispel the confusion and tie the technical work to the business to turn this situation around. We believe that a penetration test can provide a compelling story and act as an important piece of the puzzle in an organization’s security strategy, but the road to getting value from these tactical exercises is a long and arduous one. In this talk we’ll take you with us on a journey in an effort to try tackle the underlying issues and solve this long standing industry problem.