A Licensed Penetration Tester (LPT) is a cybersecurity expert with specialized training and certification, responsible for identifying vulnerabilities in an organization’s digital infrastructure. These professionals simulate real-world cyberattacks under controlled conditions to uncover weak points in systems, applications, and networks before they can be exploited by malicious actors.
Unlike automated vulnerability scanners or general IT staff, LPTs possess a deeper understanding of hacker behavior. They are trained to use advanced penetration testing methodologies, tools, and techniques to replicate attack scenarios and assess how systems respond under pressure. This requires not only technical expertise but also creativity and strategic thinking to mirror how actual attackers might operate.
The core principle behind licensed penetration testing is to find and fix weaknesses before they are discovered and used against the organization. This proactive approach to cybersecurity is critical in a time when breaches can lead to data loss, financial loss, regulatory penalties, and reputational damage.
The Importance of Human-Centered Cyber Testing
While many organizations rely on automated security tools to detect vulnerabilities, such tools are limited in scope and logic. They often miss complex scenarios involving multiple low-level vulnerabilities that, when combined, could result in significant risk. Licensed Penetration Testers are trained to identify and exploit such combinations.
The human element in penetration testing enables a more thorough and realistic evaluation of an organization’s defenses. LPTs understand how systems interact with one another, how users behave, and how attackers might take advantage of both technical and non-technical flaws. This perspective is vital for revealing issues that may remain undetected by conventional scanning software.
Additionally, penetration testing requires careful planning and execution to avoid causing disruptions. A licensed professional knows how to conduct these assessments safely, maintaining the confidentiality, integrity, and availability of critical systems while testing them for vulnerabilities.
Who Should Consider LPT Certification
LPT certification is most suitable for individuals already working in cybersecurity or IT-related fields. Roles that benefit most from this training include network security engineers, IT auditors, information security officers, cybersecurity analysts, and systems administrators. The certification provides these professionals with the advanced skills needed to conduct deep-dive assessments into security postures.
The curriculum typically includes training in reconnaissance, exploitation, privilege escalation, and post-exploitation activities. It also teaches candidates how to document findings clearly and communicate them effectively to stakeholders. These are essential skills, especially in organizations where technical assessments must be translated into business decisions.
For those seeking to expand their career in cybersecurity or enhance their value within an organization, becoming a Licensed Penetration Tester opens doors to high-demand roles in ethical hacking, red teaming, security consulting, and threat intelligence.
Legal and Ethical Boundaries of Penetration Testing
Penetration testing is a powerful capability, and with that power comes responsibility. LPTs are trained to operate within a strict legal and ethical framework. Every test must be authorized by the organization undergoing the assessment. There must be clearly defined objectives, scope, and rules of engagement before any testing begins.
The legal aspect of penetration testing ensures that no unauthorized access or data tampering occurs. Ethical guidelines help maintain professional standards, safeguard user data, and build trust between the tester and the client organization. Failure to adhere to these boundaries can result in legal consequences and a breach of professional ethics.
Organizations hiring penetration testers—whether internal or external—must ensure that those individuals are certified, experienced, and adhere to a recognized code of conduct. LPTs bring credibility to the testing process and assure that the organization’s systems are being evaluated responsibly.
Building a Proactive Security Culture
Incorporating Licensed Penetration Testers into the cybersecurity framework is about more than just identifying vulnerabilities. It’s about fostering a proactive approach to security across the organization. LPTs contribute to risk assessment, incident response planning, and ongoing security improvements.
Their assessments often reveal not only technical flaws but also process weaknesses, such as improper access control or lack of employee training. By addressing these gaps, organizations can build a more resilient defense against cyber threats.
Moreover, having an LPT on staff or contract demonstrates a commitment to cybersecurity excellence. It signals to clients, partners, and regulators that the organization takes its digital security seriously. This can be a key differentiator in industries where data protection is paramount.
Why Licensed Penetration Testing Matters Today
The increasing frequency and sophistication of cyberattacks make licensed penetration testing more relevant than ever. Organizations of all sizes face threats from ransomware, phishing, data breaches, and insider attacks. These threats can be financially and operationally devastating, particularly for small and medium-sized businesses with limited resources.
A single breach can lead to the loss of customer trust, regulatory fines, and irreversible damage to brand reputation. By engaging Licensed Penetration Testers, businesses can identify and fix vulnerabilities before they become costly problems.
Licensed Penetration Testers are uniquely equipped to navigate this threat landscape. Their expertise provides a crucial layer of protection that goes beyond the capabilities of automated tools or reactive security policies. As cyber threats continue to evolve, LPTs serve as a critical part of an organization’s defense strategy.
How Licensed Penetration Testers Simulate Real-World Cyber Threats
Licensed Penetration Testers bring a unique and powerful capability to organizations by simulating real-world attacks against digital systems. These simulations are not theoretical exercises. They are structured, strategic assessments that mimic the tactics, techniques, and procedures used by actual threat actors. The goal is to identify vulnerabilities that a malicious hacker might exploit and provide clear recommendations to mitigate those risks before any real damage can occur.
Unlike general vulnerability scans, which focus on identifying known issues, LPTs go deeper. They actively exploit the identified vulnerabilities to test their impact. For instance, a misconfigured server might not seem critical on the surface, but through lateral movement and privilege escalation, an attacker could use it as a stepping stone to access sensitive data. Licensed Penetration Testers are trained to identify and test such scenarios, helping organizations understand the full scope of their risk exposure.
These professionals use a combination of open-source and commercial tools, some of which may be custom-built, to simulate various forms of attacks, including those targeting applications, operating systems, network protocols, cloud configurations, and even physical security systems. Their assessments are comprehensive and go beyond surface-level testing, giving organizations a real picture of how an attacker would approach and potentially breach their systems.
Identifying Hidden and Complex Vulnerabilities
One of the most valuable aspects of penetration testing is the ability to uncover hidden or complex vulnerabilities that automated systems often miss. Automated tools generally follow a defined set of rules and signatures to identify known weaknesses. However, attackers rarely follow predictable paths, and vulnerabilities may arise from the unique interaction of components across the infrastructure.
Licensed Penetration Testers are trained to recognize these patterns. They understand how seemingly low-risk issues, when chained together, can lead to a high-impact breach. For example, an LPT might discover that weak password policies, outdated software, and improperly configured user permissions together provide an easy entry point for attackers. These layered findings are difficult to uncover through static scanning tools alone.
The depth of manual testing that an LPT provides is essential for organizations with complex environments. Businesses that rely on third-party integrations, hybrid cloud deployments, or custom applications benefit greatly from hands-on testing. These environments introduce variables that are often not accounted for by default scanning engines, but a skilled LPT can navigate and analyze them with precision.
Assessing Business Impact and Operational Risk
Understanding technical vulnerabilities is only one side of the equation. Licensed Penetration Testers go further by assessing the potential operational and business impacts of successful attacks. This analysis is essential for aligning security decisions with business priorities. For instance, a data breach affecting customer records might have legal, reputational, and financial consequences that far outweigh the immediate technical issue.
LPTs help quantify these risks in terms that business leaders can understand. They describe how attacks could disrupt critical services, damage customer relationships, and lead to regulatory penalties. This type of impact-focused reporting is a powerful tool for decision-makers who must allocate resources effectively across the organization.
By simulating actual attack scenarios, LPTs show executives what a successful breach would look like. They highlight not just the technical paths taken by attackers but also the real-world outcomes, such as data theft, system outages, and financial loss. This insight is vital for building a risk management strategy that prioritizes the most critical assets and services.
Demonstrating Return on Security Investment
Security initiatives often struggle to secure funding without a clear demonstration of return on investment. Licensed Penetration Testers help bridge this gap by providing evidence that supports the need for enhanced security resources. Their findings can justify investments in new technologies, training programs, or personnel hires.
By identifying and documenting real weaknesses, LPTs provide the proof that executives and board members need to make informed decisions. Their reports can be used to support budget proposals, compliance reviews, and strategic planning sessions. They also show customers and investors that the organization is taking active steps to protect its data and infrastructure.
In regulated industries, where periodic security assessments are mandatory, having penetration test results from a licensed professional adds credibility and helps ensure that audits are passed smoothly. Even in less regulated environments, the results of a comprehensive test can serve as a benchmark for future improvements and a baseline for security performance over time.
Supporting Incident Response and Recovery Planning
Penetration testing is not limited to proactive threat identification. Licensed Penetration Testers also play a crucial role in supporting incident response and recovery efforts. After a breach or security incident, organizations often need to determine how the attack happened, what systems were affected, and what weaknesses were exploited.
LPTs bring a forensics-based mindset to this analysis. They reconstruct the attack chain, identify initial entry points, and uncover how attackers moved through the environment. This detailed understanding helps organizations improve their incident response plans, fix the exploited weaknesses, and strengthen their defenses for the future.
This process is critical for avoiding repeat attacks. Many threat actors return to previously compromised organizations if they believe the vulnerabilities have not been fully resolved. By leveraging the expertise of LPTs, businesses can ensure that remediation efforts are complete and effective.
Combining forensic analysis with ongoing penetration testing helps organizations evolve their cybersecurity capabilities. It allows them to identify trends in attack behavior, understand their most attractive targets, and adapt their defenses accordingly. This ongoing cycle of testing and learning is essential for staying ahead of modern threats.
Enhancing Stakeholder Confidence and Accountability
Organizations that employ Licensed Penetration Testers, whether internally or through external engagements, demonstrate a commitment to cybersecurity that resonates with a broad range of stakeholders. Customers want to know that their data is protected. Investors seek assurance that the business is not vulnerable to cyber incidents that could impact financial performance. Regulators require proof that the organization is complying with relevant security standards.
The work performed by LPTs contributes to all these areas. Their reports serve as evidence of due diligence, proactive risk management, and compliance with industry best practices. They also help organizations identify gaps in governance, policy, and user awareness that can be addressed to improve overall security maturity.
Beyond technical insights, Licensed Penetration Testers contribute to the cultural and operational aspects of cybersecurity. They help foster a security-first mindset across departments, encourage collaboration between technical and business teams, and promote accountability at every level of the organization. These are vital qualities in building a resilient, adaptive, and security-conscious enterprise.
Closing Security Gaps Before They Become Headlines
The consequences of a cyberattack can be devastating, especially when vulnerabilities go undetected for extended periods. Breaches often result in public scrutiny, lost revenue, damaged customer relationships, and even legal actions. In many cases, the exploited weaknesses could have been discovered and addressed through penetration testing.
Licensed Penetration Testers serve as an early warning system for organizations. By identifying and resolving issues before they are exploited, they help prevent costly incidents and avoid becoming the next headline in a cybersecurity breach report. Their proactive assessments close security gaps that may have been overlooked, underestimated, or misunderstood.
This is particularly important in industries that handle sensitive data, such as healthcare, finance, and education. But even businesses without regulatory obligations benefit from the added assurance that penetration testing provides. The ability to demonstrate security readiness is increasingly important in a digital economy where trust is a key differentiator.
Why Organizations Should Consider Training Internal Staff as Licensed Penetration Testers
Many organizations face challenges in recruiting qualified cybersecurity professionals due to increasing demand, rising salaries, and limited availability of experienced talent. As a result, training an existing IT employee to become a Licensed Penetration Tester offers a strategic alternative. This approach allows businesses to cultivate in-house expertise, reduce external consultancy costs, and gain a long-term security asset who already understands the company’s systems and processes.
Internal employees who are already familiar with the infrastructure, business logic, and day-to-day operations are well-positioned to contribute meaningfully once trained. These individuals can apply their existing knowledge of internal systems to perform targeted, efficient penetration testing. They are also better equipped to collaborate with various teams and recommend practical, context-aware security improvements that align with business priorities.
Investing in training for an internal staff member reflects a commitment to professional development and cybersecurity maturity. It sends a strong message to clients, partners, and regulatory bodies that the organization is proactively managing cyber risk. It also creates a culture of internal growth, encouraging other employees to pursue certifications and advanced skills that benefit both the individual and the organization.
Cost-Effectiveness and Long-Term Value
Engaging external penetration testing consultants or third-party firms can be costly, especially when assessments need to be conducted regularly or on short notice. These engagements often come with high hourly rates, limited availability, and varying levels of depth in testing. While external consultants may provide an objective perspective, relying on them as the sole means of security evaluation can quickly become unsustainable.
By contrast, training a current employee to become a Licensed Penetration Tester creates a cost-effective, scalable solution. Once certified, the individual can perform recurring assessments, assist in incident response, validate new systems or applications before deployment, and participate in red-teaming exercises. This internal capability reduces dependence on external vendors while increasing control over the security testing process.
The long-term value of having an LPT on staff extends beyond technical testing. These professionals help build institutional knowledge that stays within the company. They gain insights into historical vulnerabilities, system evolution, and team workflows, all of which enhance the relevance and efficiency of their testing. Additionally, because they are part of the organization, their recommendations are more likely to be aligned with business objectives and accepted by management and technical teams.
Improving Detection, Response, and Prevention
One of the critical benefits of having an in-house Licensed Penetration Tester is the improvement of threat detection, incident response, and attack prevention capabilities. These professionals are not limited to identifying vulnerabilities; they can simulate full attack scenarios, assess the effectiveness of detection systems, and validate response procedures in real time.
An internal LPT can conduct regular assessments to determine whether existing security controls are functioning properly. They can test the configuration of intrusion detection and prevention systems, simulate phishing attacks to evaluate employee awareness, and analyze system logs for indicators of compromise. This continuous feedback loop allows organizations to fine-tune their defenses and respond more effectively to real incidents.
When a potential breach occurs, an internal LPT can be quickly mobilized to investigate and contain the threat. Their knowledge of the organization’s infrastructure allows for faster triage, root cause analysis, and mitigation. This rapid response capability is vital in reducing downtime, minimizing data loss, and restoring operations.
Moreover, LPTs contribute to long-term prevention by identifying trends in system weaknesses, proposing architectural improvements, and championing secure coding practices in development teams. Their insights can shape policy, training, and system design in ways that significantly reduce the attack surface over time.
Building Resilience in Small and Medium-Sized Businesses
Small and medium-sized businesses are often targeted by attackers because they typically have fewer security resources than large enterprises. A single breach can cause irreversible damage, including financial loss, legal liabilities, and reputational harm. In some cases, the consequences are severe enough to force businesses to shut down operations permanently.
Training an existing IT staff member to become a Licensed Penetration Tester is an especially valuable strategy for smaller organizations. It provides access to expert-level capabilities without the overhead of maintaining a large security team. The certified individual can wear multiple hats, supporting security, compliance, and IT operations in a cost-efficient manner.
This approach also increases agility. When cyber threats emerge, small businesses with internal testing capabilities can act immediately to assess risk and implement countermeasures. They do not have to wait for external consultants to become available, which is particularly important in a fast-moving threat environment.
The flexibility of internal LPTs empowers small businesses to adapt security practices to their evolving needs. Whether expanding into new markets, launching new services, or integrating third-party technologies, they have the expertise in-house to conduct necessary security assessments and maintain compliance with industry regulations.
Enhancing Customer Trust and Regulatory Compliance
Customers and partners are increasingly evaluating organizations based on their cybersecurity maturity. Demonstrating that your team includes a Licensed Penetration Tester can provide a significant trust advantage. It shows that the business is committed to protecting customer data, securing internal systems, and proactively addressing cyber risk.
This level of assurance can be a deciding factor in winning contracts, forming strategic partnerships, or attracting investment. Security-conscious clients may require proof of penetration testing as part of vendor risk management processes. Being able to conduct these tests in-house and produce detailed, professional reports can streamline onboarding and compliance.
Many industries are also subject to regulatory requirements for cybersecurity assessments. Frameworks such as PCI DSS, HIPAA, GDPR, and others mandate regular testing of systems that handle sensitive data. An internal LPT can ensure that these tests are conducted to the standards, generate the necessary documentation, and prepare for audits without interrupting daily operations.
Additionally, organizations with licensed testers can take a proactive approach to compliance by identifying areas where controls fall short, remediating gaps, and tracking progress over time. This continuous compliance mindset reduces the risk of fines, sanctions, or legal disputes.
Reducing the Risk of Reputation and Revenue Loss
A cybersecurity breach does not only result in technical problems. It often leads to significant damage to the organization’s reputation, customer confidence, and bottom line. Lost business, regulatory penalties, class-action lawsuits, and increased marketing costs to rebuild brand image are just a few of the long-term consequences that companies face after a breach.
Licensed Penetration Testers help prevent such outcomes by ensuring that vulnerabilities are found and fixed before they are exploited. They simulate attack paths that malicious actors might use, helping organizations understand where their greatest risks lie and how to prioritize mitigation efforts. Their testing reveals blind spots that might otherwise go unnoticed until it is too late.
In today’s interconnected world, a security incident can spread quickly across social media and news outlets. Customers expect transparency, accountability, and action when it comes to cybersecurity. Organizations that demonstrate a proactive security posture—by employing certified professionals and regularly testing their defenses—are more likely to retain customer trust even when challenges arise.
Internal LPTs also help businesses control the narrative. When an incident occurs, they can quickly determine the scope of the attack, identify what data was affected, and implement containment measures. This ability to respond with confidence, backed by in-house expertise, can significantly reduce reputational damage and support faster recovery.
Increasing Internal Security Awareness and Collaboration
Training internal employees as Licensed Penetration Testers fosters a broader security culture across the organization. These professionals often serve as liaisons between technical teams, management, and non-technical staff. Their presence encourages cross-functional collaboration and ensures that cybersecurity is considered in every department.
For example, development teams can work closely with LPTs to integrate secure coding practices, reducing the number of vulnerabilities introduced during software development. System administrators can consult with LPTs on hardening servers and managing access controls. Executives can rely on LPTs to explain risks in business terms and recommend strategic security investments.
Additionally, LPTs can lead awareness programs, training sessions, and tabletop exercises that prepare the organization for real-world attacks. Their firsthand experience with simulated breaches provides relatable, practical examples that enhance learning and engagement across all levels of the company.
A security-aware workforce is one of the most effective defenses against cyber threats. Employees who understand the tactics used by attackers are less likely to fall victim to phishing, social engineering, or inadvertent data leaks. LPTs play a vital role in building this awareness and embedding security into the organizational culture.
The Evolving Cybersecurity Landscape and the Role of LPTs
The cybersecurity landscape is undergoing rapid transformation. New technologies, shifting digital infrastructures, and increasingly sophisticated attackers are redefining how organizations must defend themselves. As a result, the role of Licensed Penetration Testers is becoming even more critical. These professionals are not only responsible for identifying existing vulnerabilities but are also at the forefront of helping organizations adapt to future threats.
Modern attackers are no longer limited to simple malware or brute-force attacks. They now leverage social engineering, supply chain compromise, advanced persistent threats, and zero-day exploits. In response, businesses must evolve from reactive to proactive defense strategies. Licensed Penetration Testers enable this transition by simulating these complex attacks in a controlled environment, revealing the true resilience of an organization’s systems, people, and processes.
This evolution of threats also demands that security testing extend beyond traditional perimeter defenses. With cloud adoption, remote work, and mobile technologies becoming standard, the attack surface is broader and more fragmented than ever before. LPTs are uniquely qualified to test these modern environments, uncovering vulnerabilities in cloud configurations, APIs, web services, and endpoint devices that conventional tools may overlook.
Penetration Testing as a Continuous Process
In the past, penetration testing was often viewed as a periodic activity conducted annually or during major system upgrades. Today, however, this model is no longer sufficient. The speed at which threats evolve and vulnerabilities are discovered means that penetration testing must become a continuous and integrated process.
Licensed Penetration Testers now work in environments where real-time threat detection and agile development are the norm. This requires them to participate in ongoing security validation efforts, including regular red teaming, automated testing pipelines, and threat hunting. Their insights help organizations maintain constant awareness of their risk posture and respond quickly to emerging threats.
Continuous penetration testing also aligns with modern development methodologies such as DevSecOps. By embedding LPTs into development cycles, organizations ensure that security is considered from the earliest stages of product design. Applications, systems, and services are tested incrementally and continuously, reducing the risk of deploying vulnerable solutions into production environments.
Additionally, continuous engagement allows LPTs to track the effectiveness of mitigation efforts over time. They can re-test systems after patches are applied, verify changes to access controls, and ensure that newly implemented security controls function as intended. This ongoing feedback loop is essential for maintaining a secure and resilient infrastructure.
Adapting to Emerging Technologies and Threat Vectors
As technology advances, new tools and platforms introduce not only opportunities but also new types of risk. The growing use of artificial intelligence, machine learning, Internet of Things devices, blockchain systems, and edge computing demands that security assessments also evolve. Licensed Penetration Testers are increasingly required to understand and test these novel systems, many of which operate outside traditional IT environments.
Artificial intelligence introduces the possibility of AI-driven cyberattacks, such as adaptive malware and intelligent phishing campaigns. Licensed Penetration Testers must be prepared to simulate and assess these threats, as well as understand how to defend against them. Additionally, AI can be used to enhance penetration testing itself by helping LPTs identify patterns, automate testing processes, and prioritize findings based on impact.
Similarly, the proliferation of Internet of Things devices creates a vast and often insecure network of connected systems. Devices in manufacturing, healthcare, retail, and even homes are frequently shipped with weak security configurations. LPTs test these environments for vulnerabilities in firmware, communication protocols, and device management, helping businesses secure endpoints that fall outside conventional network boundaries.
Blockchain and decentralized applications also present a new domain for penetration testing. Smart contracts, distributed ledgers, and cryptocurrency systems require specialized knowledge to assess. Licensed Penetration Testers are expanding their skills into these areas to ensure that businesses adopting these technologies do so securely.
Supporting Digital Transformation with Security Expertise
Digital transformation initiatives—ranging from cloud migration and remote collaboration to automation and data-driven decision-making—are central to business growth and innovation. However, these transformations also introduce new risks that must be managed carefully. Licensed Penetration Testers play a critical role in supporting secure digital transformation.
Whether a business is adopting hybrid cloud solutions, integrating with third-party APIs, or implementing machine learning models, an LPT can evaluate each stage for vulnerabilities. Their involvement ensures that innovation does not compromise the security of existing systems or introduce unanticipated weaknesses.
Their support goes beyond technical assessments. Licensed Penetration Testers work closely with leadership to develop security frameworks that align with transformation goals. They help create strategic roadmaps for security improvements, identify policy gaps, and define best practices for secure digital growth.
In organizations that are rapidly scaling or expanding into new markets, this kind of security foresight is invaluable. It reduces the risk of disruption, accelerates time-to-market, and builds trust with customers who expect transparency and security in their digital interactions.
The role of LPTs in Cybersecurity Strategy
As cybersecurity threats become increasingly integrated into national security, economic stability, and public trust, the role of Licensed Penetration Testers will expand beyond individual organizations. These professionals will be central to industry-wide risk management, information sharing, and collaborative defense strategies.
LPTs will increasingly contribute to public-private cybersecurity partnerships, sector-specific threat intelligence exchanges, and cross-border security coalitions. Their ability to identify systemic vulnerabilities, test critical infrastructure, and validate defensive technologies makes them essential actors in global cyber defense.
Additionally, their expertise will be in demand in areas like critical infrastructure protection, secure software development, cyber law compliance, and policy advisory. Organizations of all types—from startups to multinational corporations and government agencies—will seek their skills not just for technical testing, but for strategic planning, education, and leadership.
The future of LPTs also lies in continuous learning. With new technologies and threat techniques emerging constantly, these professionals must commit to ongoing education, certifications, and lab practice. Organizations should support this growth by providing access to advanced training, industry events, and community involvement. Investing in the development of LPTs strengthens both individual careers and the security posture of the organization.
Bridging the Gap Between Security and Business
One of the most valuable contributions of Licensed Penetration Testers is their ability to bridge the gap between cybersecurity and business objectives. They translate complex technical vulnerabilities into clear, actionable insights that inform leadership decisions. Their assessments prioritize risks based on potential business impact, making it easier for executives to align security investments with strategic goals.
LPTs contribute to a shared understanding of risk across departments. Their work enhances collaboration between IT, legal, compliance, finance, and operations teams. This cross-functional awareness ensures that security is integrated into daily business functions rather than treated as an afterthought or separate silo.
In today’s environment, where trust is a competitive differentiator and data protection is a legal obligation, this bridge is indispensable. Licensed Penetration Testers enable organizations to make informed, confident decisions about security strategy, incident response, and long-term planning.
Creating a Resilient
The road ahead for cybersecurity is one of increasing complexity, but also increasing opportunity. Businesses that recognize the value of licensed penetration testing are better positioned to protect their assets, serve their customers, and grow securely. The investment in Licensed Penetration Testers—whether through hiring, training, or partnerships—is a step toward building a resilient, adaptable, and future-ready organization.
LPTs represent more than technical expertise. They embody a mindset of continuous improvement, strategic thinking, and ethical responsibility. Their role will continue to evolve, but their value will remain constant: helping organizations uncover what could go wrong, so they can build systems that go right.