As this next fiscal round of assessments begins, I'm wondering if we can redefine a little, when exactly an engagement begins.  What I'm thinking is, what if it actually begins 30 days before we show up on site?  I know we all have day jobs and probably won't get to much of it, but imagine if we are allowed to probe the outside layer a bit with nessus, phish a little, social engineer a bit, all before we get onsite for our noisy portion?  It might be nice to show up and have a few credentials in hand already and a few pivots established and ready to go.  It also helps add just a touch more realism to the scenario too, I think.

Any thoughts?

Chuck