Offensive security is a critical component of cybersecurity, as it involves identifying and exploiting system vulnerabilities from a threat actor’s perspective. This approach to security assessments can reveal vulnerabilities that may not be detected through vulnerability scanning alone. However, offensive security can be complex and is often misunderstood, which can hinder organizations from achieving their security assessment objectives. Additionally, current offensive security assessment practices often contain gaps that reduce the effectiveness of these assessments. In an upcoming presentation, experienced offensive security professional and educator Phillip Wylie will explore the various types of assessments that constitute offensive security, examine common gaps encountered during pentests, and offer strategies to enhance offensive security efforts. This session aims to provide attendees with a better understanding of offensive security, insight into different offensive security assessment types, guidance on addressing common gaps associated with offensive security, and information on how it integrates with vulnerability management programs.