130+ Internal Pen Tests Reveal 80% of Organizations Have Critical Active Directory Weaknesses

After conducting more than 130 internal penetration tests, security expert Spencer Alessi has found that 70–80% of organisations still have critical Active Directory weaknesses. While many security programs appear mature from the outside, internal identity controls often tell a very different story. In this live session, we’ll break down what internal testing consistently reveals — and why hybrid environments make these risks even more significant.

In this session, you’ll learn:

• Why internal pen tests expose risks external assessments often miss
• The most common Active Directory misconfigurations attackers exploit
• Why enumeration and privilege escalation frequently go undetected
• What to prioritise first to reduce your exposure to domain compromise

Join us for this candid discussion and gain practical insight into where internal identity risk really lives — and what security teams should focus on next.