Digital businesses are under constant threat of a targeted cyberattack from external actors as well as malicious insiders. Penetration tests are critical to finding and remediating vulnerabilities that an attacker can exploit, but current approaches have become ineffectual. It's time that security and risk (S&R) professionals move beyond checkbox compliance assessments to tests that provide true value. In this report, we identify seven best practices for rethinking your philosophy and reinventing your approach to penetration testing.