There are many constraints with this team, but I wanted to list just three main ones:

• Time:
  • As with any project, the resources can't last forever. There is a definitive start and stop date.
  • Red teams have to bear this in mind, whereas adversaries don't have to worry about time as they can take as long as they like.
•  Skillset:
  • If the team is in-house, you will have a skillset deficit unless your team is constantly training on the newest TTPs.
  • If the team is outsourced, you will be paying a premium for those skill sets.
• Rules of engagement:
  • Red teams have rules that they have to follow, which does not allow them to exploit:
    • Production networks and systems
    • Out of band vulnerabilities, such as:
      • Family members
      • Neighbors
      • Personal home networks