For the best results – let them loose!

A mistake of offensive security engineering leaders (who are or were pen testers themselves) is to quickly call out issues and try to micromanage pen tests. This is especially difficult for someone with a strong technical background and understanding of offensive techniques.

For me, this was also a difficult task. At times, it feels difficult to let go and trust someone else, but if you hire the right people, there is no reason to worry.

Attempt to see the big picture and focus on what you do not know, rather on the things you know well. Focus on the territory that needs exploration, focus on strategy, and discuss with stakeholders you did not meet before to understand their needs and where your offensive team can help them improve or highlight deficiencies.

Protecting the team from unwanted external influences, such as possible reorganizations, unnecessary paperwork, or committing to work that is not in favor of the mission of the team is super critical to moving swiftly and with excellence toward establishing the team and demonstrating impact.

It's amazing to witness how much more a team can achieve if the manager isn't involved and focuses on their job. You hired the best candidates and you trust them. All the team needs is good principles and a manger who gets roadblocks out of the way.

So, let the pen testers loose!