Traditional red team exercises and penetration tests provide a valuable service, but they have some shortfalls. Typical point-in-time exercises do not provide comprehensive controls testing. Red and blue team objectives are seldom aligned, and little collaboration, learning or mutual improvement takes place. This session will explore different approaches to facilitate meaningful security improvements.