So you are a great hacker who can pop shells all day and make the IT team weep. At some point, that will have diminishing returns for both you and the company you serve. Every one of us has delivered or received that dreaded vulnerability report with 100,000+ items on it and heard (or made) that desperate sigh of defeat. Too many times we perform amazing red team work and deliver reports full of detailed findings, only to come back a year later and see nothing has been fixed. Breaking things is the easy part; how do you drive change when you don’t have direct authority? Our goal is to make an enterprise or product more secure while not driving it out of business and alienating everyone along the way.