We are looking at starting an internal "white hat" security team made up of some of our tech savvy employees. These users would, from time to time, try to access folders they shouldn't have access to, try to make themselves domain admins, try to change other users' passwords, etc. This would be in addition to their primary duties. Does anyone know of something like this being done? I know outside firms are available to do security testing, but it might be advantageous to have our own team. Thanks for any feedback!