Read as
Last updated: April 29, 2026
The report is the deliverable. A great engagement with poor reporting fails to drive change.
The report is the deliverable. A great engagement with poor reporting fails to drive change.
Three audiences
- Executives — what could happen; what was the impact; what investment justified
- Security team — TTPs used, detection gaps, recommended controls
- Engineering / IT — specific configurations to change, code to fix
Structure
- Executive summary (1-2 pages)
- Engagement objectives + scope
- Attack narrative (the story, illustrated)
- Findings with severity, evidence, recommendation
- MITRE ATT&CK mapping
- Detection assessment
- Recommendations prioritised
- Appendix with raw evidence
The “story”
Engineers retain stories better than findings lists. Walk the reader through the attack: “Day 1, phishing email. Day 3, compromised laptop. Day 5, lateral move via Kerberoasting. Day 7, Domain Admin.” Each step a detection opportunity discussed.
🧠
Check your understanding
Module Quiz · 4 questions
Pass with 80%+ to mark this module complete. Unlimited retries. Each question shows an explanation.
Want this for your team?
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.
Book team training call
Replies in 4 working hrs · India-only · Senior consultants