Always search for the next thing

"Rule 29: If you’re happy with your security, so are the bad guys."

Rule 29 is a rule for a reason. The same with the Red Team Journal Law 36: "Complacency is your next adversary’s best friend. Just when (you think) you’ve overcome one threat, two more are hiding right around the corner".
If you become static and stop checking, moving, developing, updating and performing the next round of security assessements (yes, this includes Red Teaming), then your adversaries will exploit this. Thinking that your perimerter is secure, that your internal networks are protected, that your data is safe, well... It's asking for trouble. If you think you have accounted for all possible attack vectors and all possible vulnerability, you'll be surprised when the breach happens.

You can't stop testing and making better decisions. You can't be happy with your current state of security, even if it seems impressive and everyone assures you that you are air-tight.

There is always a way in. There is always something to exploit.

There is always the people.

Red Teaming has to happen constantly. It has to be an ongoing operation, always searching, always testing, always asking the "what if" questions.

If you are happy with your security, so are the bad guys.