iCONIC 2026 | From Assets to Adversaries: Building a Pen Testing Program

Speaker: Tyson Rauch, Principal Consultant, Offensive Security, iON

In this session, Tyson Rauch explores how organizations can build and mature an effective penetration testing program, evolving from foundational vulnerability management into advanced offensive security operations.

The session breaks down the differences between penetration testing, red teaming, and purple teaming, and highlights how organizations can use offensive security exercises to validate controls, improve detection and response capabilities, and identify real-world attack paths before adversaries do.

Tyson also shares practical insights into common gaps uncovered during assessments, strategies for prioritizing remediation efforts, and key considerations for building a scalable and mature security testing program over time.