All learning paths
Senior10–16 months

Career learning path

Director of Offensive Security

Lead red team, pentest, and bug bounty programs

Executive offensive security path: program scoping, rules of engagement, purple team cadence, vendor/red team management, and reporting vulnerabilities to the board and engineering leadership.

Best for: Senior pentesters, red team leads, appsec managers, and security leaders building offensive programs.

Your destination

Director of offensive security running enterprise pen testing, red team, and vulnerability management programs

Director of Offensive SecurityHead of Red TeamVP Application SecurityGlobal Pen Test Manager

What you will achieve

Outcomes when you complete this learning path — your career destination.

  • Stand up enterprise pen test and red team operating model
  • Define RoE, legal review, and safe harbor for testing
  • Prioritize remediation with engineering based on business risk
  • Measure program value with purple team exercises and metrics

How this path helps your career

Offensive security directors combine rare technical depth with program leadership — senior roles in finance, tech, and consulting pay at the top of security IC/management bands.

Path milestones

Phases on the way to your destination — what you prove at each step.

Phase 1

Program charter

Scope, frequency, and stakeholder alignment.

  • Define test types and coverage matrix
  • Establish legal/contract templates
Phase 2

Team & vendor model

Internal team, boutiques, and bug bounty.

  • Build vendor scorecard
  • Run purple team pilot
Phase 3

Vulnerability governance

SLAs, exceptions, and engineering partnership.

  • Implement critical finding SLA
  • Track mean time to remediate
Phase 4

Executive reporting

Trend analysis and risk-based storytelling.

  • Present annual offensive security review
  • Align roadmap to top business apps

Resources to reach your destination

Technology roadmaps, tutorials, labs, and tools — everything bundled for this career path.

Roadmaps below are technology maps — focused guides for one skill area. They are stepping stones inside this career path, not the destination itself.

Technology roadmaps

Offensive technology maps for team standards.

Labs

Web and network testing practice.

Tools

Testing utilities.

What comes next

After progressing on this path — related executive roles, technology roadmaps, and community.

Security Architect

Secure design for apps you test

Continue →

CISO

Executive security leadership

Continue →

Director of Security Operations

Blue team partnership and purple team

Continue →

Start with the first technology roadmap

Enroll in a roadmap stage to track progress while following this path.

Open first roadmapCompare paths