IT’s important role in implementing a cybersecurity strategy is indisputable, but lawyers need to be at the table too given the risks, including regulatory implications of breaches and the growing possibility of ensuing litigation. With input from technical and legal experts, this three-part series addresses what attorneys need to understand about security technologies and what role they should play. This second installment explores these issues within efforts related to red-teaming, vulnerability scanning and social engineering. Part one addressed the knowledge base needed depending on the lawyer’s role, whether security certification is necessary, and the roles of technology and pen testing in mitigating risk. Part three will cover cloud security and the potential value of hacking back. See also our three-part series on when and how legal and information security should engage on cyber strategy: “It Starts With Governance” (Mar. 28, 2018); “Assessments and Incident Response” (Apr. 11, 2018); “Vendors and M&A” (Apr. 18, 2018).