Welcome to the Engagement Playbook

Most penetration testing courses teach you how to hack.

This one teaches you how to run an engagement.

There’s a difference. The technical skills such as enumeration, exploitation, and lateral movement are learnable on any lab platform. What’s harder to learn is what happens around the technical work: the scoping calls, the rules of engagement, the evidence collection, the report, the readout. The part that turns a collection of findings into a deliverable a client can actually act on.

That’s what this course covers.

This was borne from a gap I identified: highly technical people are hired onto teams but do not know how to communicate, especially when translating technical jargon into business language for clients or even for their own team members.

What you’ll learn

The course follows the full penetration testing engagement lifecycle from first contact through the client readout. You’ll work through every phase using real documents from a fictional engagement: TadiSec (the pentest firm) assessing Navigating Security Corp (the client), reference TS-2026-0041.

Every lesson has two parts. On the left: a short lesson that explains the concept. On the right: an interactive challenge that puts you in the consultant’s seat.

Module 1 — See the Destination Watch a real readout before you learn anything. Understand why the engagement lifecycle exists and where it leads.

Module 2 — Before You Touch a Keyboard Scope of work, rules of engagement, the kickoff call, target lists. Everything that happens before testing begins.

Module 3 — The Breach and the Evidence Methodology, enumeration strategy, documenting as you go, assembling an evidence package.

Module 4 — The Report and the Readout Report structure, executive summary, finding documentation, severity ratings, remediation guidance, the client presentation, and handling live questions.

Who is this for?

If you’re grinding labs and wondering why interviews aren’t converting, this is for you.

You can enumerate AD. You can chain exploits. You can root boxes. But when a hiring manager asks “walk me through how you’d scope an engagement” or “what does your report process look like” — you don’t have an answer. Not because you can’t do the work, but because no lab teaches you that part.

The technical skills get you in the room. The soft skills get you the job.

If you just got hired and you’re terrified of your first engagement, this is also for you.

You passed the interviews. Now there’s a scope document in your inbox, a kickoff call on Thursday, and a client expecting a professional deliverable at the end. Nobody told you what that actually looks like from the inside. Most firms assume you’ll figure it out alone if you haven’t already, but you don’t have to.

This course won’t make you a better hacker in the “technical” sense. It will make you a better consultant. Those are different skills, and most training ignores the second one entirely. By the time you finish, you’ll have worked through every phase of a real engagement.

No consulting background required. Basic familiarity with what a pentest involves is enough to start

The lab environment

The challenges in this free course use documents, scenarios, and questions. To make this less boring and even more hands on, you can follow along with the lab environment used throughout the entire course.

The challenge panel on the right has a link to it. It’s there as a reference; the free course stands on its own.

How to use this course

Read the lesson. Do the challenge. Use the “Next lesson” button to move forward. Progress is saved locally in your browser at the moment, no account needed. Just be sure to remember where you were last time if you ever lose your progress.

Start with Lesson 1.1. It has no preamble. Just watch.