For some, the idea of security testing can conjure up images of individuals carrying out highly technical and complex attacks that discover unimaginable exploits in our systems. Although having knowledge of how systems work, how they can be exploited, and how to use tools to discover threats is a key ingredient to successful security testing, incorrect assumptions about security testing promote the idea that it is an exclusive club open only to those with superhuman technical skills. However, security testing isn’t just about “hacking systems”; it requires intentional planning and analysis to detect threats and prioritize them. All of this involves a wide range of activities, skills, and techniques, some of which we’ve already learned in previous chapters.