To begin the testing, you should get specific knowledge of your network, system processes, connections, devices, environment, etc. In other words, you should understand all the processes that are happening when users are trying to access their accounts, data, programs, etc. to perform their work. Also, you should know how software and tools for penetration testing work.
Likewise, you should carefully plan pen testing. If it’s performed at the wrong time or misses important components, the result can be misleading and harmful for the enterprise's continuity and operations.