'How do you deliver and get real value out of penetration testing? How do you access and utilise available skills and services to intelligently manage risk, focusing on threats and continuous protection of valuable assets? There are plenty of great books covering technical aspects of penetration testing. This book mainly avoids those, focusing more on its organisation and execution. It points to the guidance of respected organisations, such as CREST and SANS, enabling deeper reading. It highlights red teaming and intelligence-driven approaches - these mature testing, enabling fine-tuning of organisational defences. Coverage includes traditional information systems and cloud services, and assurance within agile delivery methods. I would have liked to have had this book to hand when I started in infosec twenty years ago. It's a useful reference for managing penetration testing as part of wider information security programmes, and when setting up or running cybersecurity capabilities for clients.'.