As cyber attacks have become more sophisticated and complex, there are many companies that shift their focus to detection and response because there is a limit to preventing attacks. However, detection and response measures do not always work well just by introducing them. It is necessary to properly verify whether it functions as expected, including the skills and rules of the person who operates it. TLPT (threat-led penetration test) ,the test which imitates real cyber attacks,has recently attracted attention as a method for verifying the effectiveness of detection and response measures. In this session, based on the experience of actually implementing TLPT in NTT DATA, we will explain the effects, issues, and points to be implemented.(Same contents as session No. 72E-09 at Oct.10th)