This approach and way of doing things was good, however it presented a challenge. Most organizations are not ready for this kind of security assessments. Their security programs and people are not mature enough to really understand the need for Red Teaming, and they were not ready for the assessment, often resulting in wasted efforts and the fact that the Team penetrated them using techniques they never thought about.