Offensive security is critical for detecting vulnerabilities in systems, applications, people, and buildings. Some assessment types are only crucial at certain times or stages of an organization’s security maturity. Offensive security takes a threat approach to assess in-scope targets for vulnerabilities and, even more importantly, exploitable ones. Although offensive security is no secret, companies are required to perform pentests for compliance reasons. It is one of the most misunderstood areas of cybersecurity. This is due to the lack of experience by most cybersecurity professionals in this discipline. In this presentation, we will demystify this tradecraft, and attendees will learn the details of each specialization of offensive security, including pentesting, red teaming, social engineering, and physical security assessments. Vulnerability management will be discussed, and where offensive security falls into the overall strategy. Discussed along with the different assessment types, we will share the tools and techniques used in each phase of these assessment types. Attendees will come away with a better understanding of offensive security, the difference in assessment types, and the tools, methodologies, and standards necessary for performing thorough security assessments.