Talk given at the ISSA Charleston conference on creating highly functional internal offensive security teams.

--snip--

Too many times do I hear the tales of PenTesters' and “Red Teamers'” awesomeness but never hear of the fight the “Blue Teamers” put up. Let’s face it, the value of most PenTesting is as good as being pushed down a flight of stairs and then being told you are vulnerable to a “Sneak Attack Stair Renegotiation Vulnerability”, or as it is known in the media, SASR. This creates a massive level of trauma in an organization. They are left with an overwhelming number of vulnerabilities and flaws, sometimes so many that it paralyzes the org's ability to move forward.

In this talk I will explore what it is like to build, manage and operate a red team that is a VALUE to the organization, not just a gang of PenTesters pointing out flaws. We will cover numerous engagements and 1000s of simulation hours that show a clear and repeatable method to measure the success of a program. We will cover the setup and goals of the team, integration into the overall ecosystem of the company and the tricky metrics that actually let you answer the fabled question “How secure are we?”