Adversaries continue to morph tactics and identify new ways of attacking organizations. The major methods of attack are predominantly through phishing, but the actual delivery system for the compromises is what becomes the hardest to detect. Regardless if it's a perimeter breach or a direct attack on the user population, it has never been more important to emulate attack patterns through the security industry. Penetration testing started off as a way for organizations to identify exposures and hopefully fix them before the attackers discover them.