As a general rule, we find what we look for. This has been the case with conventional security testing which looks for vulnerabilities and security loopholes. While this is a necessary exercise, it fails to intentionally look for compromise. This session will look at the evolution in security testing and explore why testing practices must evolve to include a state of continuous compromise assessment.