What A Red Team Is Not
This is worth stating plainly, because the two are routinely confused. A red team is not a more thorough penetration test, and it is not a comprehensive audit. A penetration test seeks to enumerate as much as possible in a defined scope; a red team will happily ignore ninety-nine vulnerabilities and use the hundredth, because its goal is an objective, not a catalogue. The question it answers is not can a skilled attacker get in - assume they can - but would you notice before they had loaded the van?