Suppose you hire someone limited to quadrant I to lead your red team. This person exceeds all of your technical requirements and holds a worthy set of certifications. When this person speaks, you listen. And well you should, if the imaginary world you live in is limited to attackers from quadrant I. Unfortunately, the world is much bigger than that, and attackers from quadrants II, III, and IV can hurt you in ways that attackers from quadrant I can’t or won’t. This is a worrisome gap that many firms unknowingly accept, all the while believing their red teams are keeping them safe from surprise.