So, every time, he took a pic in the exec's chair, stole a file from the server room, and also did whatever he wanted? What is the 'N' factor here, because it sounds like your friend is a bold high schooler who achieved N=1, 2, 3 (tops). Pretty boring security stuff.
To clarify, the companies he penetrated were the ones that hired him in the first place. Red teaming is when a company hires you to perform physical pentesting. You're legally allowed to break into their company within a set of defined rules. Usually the rules are straightforward: no breaking stuff (though sometimes there are exceptions), achieve the objective, and carry a "get out of jail" envelope with two emergency contacts from inside the target company who will verify they paid you to break in if anything goes wrong. Other than that, you're free to be as creative as you want in achieving whatever the customer asked for. Think Ocean's Eleven.
These gigs are highly paid and secretive. The coworker I mentioned went on dozens of assignments like this. Admittedly he was legendary, but only because he was so experienced. If you were motivated and malicious, you could do many of the same things to attack a target network. People rarely do that, but it's the ultimate proof that none of us are secure against motivated adversaries.
I mean, the GP that you're replying to literally said N~=dozens, meaning probably 25+.
Side note, that sounds like something one of my old bosses would do on his red team excursions (he also told me to get my teeth pulled without anesthetics at all, so... yeah).