Traditionally, when talking about enterprise security, most companies would focus on the defensive side. For example, SOC, Incident Response, Threat Hunting, etc.

As for the Offensive part, companies used to ask for vendors to support yearly security assessment or penetration testing. Only a few international companies, because of the vast variety of product/service or the needs of proving product security, would build up an in-house offensive security team. 

Recently, because of the increased of security incident & the digital transformation happens in more and more industries. More and more companies start to consider whether to build up an in-house offensive security team. The speaker want to share advantages of in-house offensive security team, the working type as an in-house offensive security team member, and the role of in-house offensive security team in the SSDLC via this session.