Offensive security is no longer a niche discipline—it’s rapidly becoming a mainstream requirement for security maturity. Regulatory frameworks such as PCI DSS 4.0 are beginning to embed offensive testing mandates, compelling organizations to integrate activities like red teaming, purple teaming, and breach-and-attack simulation into ongoing operations.

In this interview from Black Hat 2025, Fortra’s Rohit Dhamankar outlines how security leaders can adopt offensive strategies that go beyond annual pen tests, using continuous assessment and AI-assisted red teaming to uncover vulnerabilities before adversaries exploit them. The goal, he emphasizes, is to evolve from sporadic testing toward proactive, ongoing validation of defenses.

Dhamankar also addresses the operational challenges of scaling offensive security. For many organizations, in-house red team capacity is limited, making strategic outsourcing and the use of breach-and-attack simulation (BAS) platforms essential for consistent coverage. He shares insights on blending human expertise with automation, leveraging AI for realistic threat simulation, and using purple teaming exercises to improve coordination between offensive and defensive teams.

Whether building internal skills or partnering with specialized providers, he argues, the future of effective security lies in merging offensive and defensive practices into a unified, adaptive approach capable of keeping pace with today’s dynamic threat landscape.