How to achieve security awareness through social engineering - Part 2

In this ranty edition of the Exploring Information Security podcast, Jayson E. Street joins me to discuss how to achieve security awareness through social engineering.

Jayson (@jaysonstreet), is the VP of Information Security at Sphereny. He and April Wright (@aprilwright) are doing training at both Black Hat and DerbyCon on how to achieve security awareness through social engineering. The training focuses on helping blue team members setup effective security awareness programs.

In this episode we discuss:

  • How to communicate with executives

  • Why we need to empower users

  • What happens when Jayson plays video games

  • Why shock value is important

How to achieve security awareness through social engineering - Part 1

In this ranty edition of the Exploring Information Security podcast, Jayson E. Street joins me to discuss how to achieve security awareness through social engineering.

Jayson (@jaysonstreet), is the VP of Information Security at Sphereny. He and April Wright (@aprilwright) are doing training at both Black Hat and DerbyCon on how to achieve security awareness through social engineering. The training focuses on helping blue team members setup effective security awareness programs.

In this episode we discuss:

  • Why security awareness is important
  • What our own experience is with training people
  • What's in the training
  • How to talk to communicate effecitvely

What is Social Engineering for the Blue Team?

In this building better relationships edition of the Exploring Information Security podcast, I discuss my new presentation and workshop content for this year, Social Engineering for the Blue Team.

I've already written a couple blog posts on the topic:

I've also created a GitHub page to track all my resources I intend to use in the presentation and training. The idea of the content is that we can use social engineering (like the red team) in our day-to-day interactions at work. We can use the same techniques to build better relationships and build better security mindsets in our organization. If you prefer soft skills.

In this episode I discuss:

  • What is social engineering for the blue team

  • How I came up with the idea

  • How can this be applied

  • What techniques we can use to build better relationships

How to become a social engineer - Part 2

In this social episode of the Exploring Information Security podcast, Chris Hadnagy joins me to discuss how to become a social engineer.

Chris (@humanhacker) is the Chief Human Hacker at Social-Engineer, Inc. He's the author of several social engineer books. He also has his own podcast. This past summer he announced the Innocent Lives Foundation, which has the objective of unmasking anonymous online child predators through OSINT and relationships with law enforcement. He is a social engineering Hulk in the field of information security.

In this episode we discuss:

  • How to practice to become a social engineer

  • What is toastmasters

  • What college courses can help

  • What resources are available.

How to become a social engineer - Part 1

In this social episode of the Exploring Information Security podcast, Chris Hadnagy joins me to discuss how to become a social engineer.

Chris (@humanhacker) is the Chief Human Hacker at Social-Engineer, Inc. He's the author of several social engineer books. He also has his own podcast. This past summer he announced the Innocent Lives Foundation, which has the objective of unmasking anonymous online child predators through OSINT and relationships with law enforcement. He is a social engineering Hulk in the field of information security.

In this episode we discuss:

  • What is social engineering

  • What skills are needed to become a social engineer

  • How much of social engineering is experience

  • What tools are used for social engineering

What it's like in the SECTF soundbooth

In this on a whim episode of the Exploring Information Security podcast, Michelle joins me to discuss here time participating in the SECTF.

Michelle (@MlleLicious) was one of the contestants who competed on Friday in the Social Engineering Capture The Flag (SECTF). This year the SECTF focused on video game companies and Michelle (happily) pulled Disney. Getting up on stage in front of hundreds of people is already a nerve racking proposition. Now add in that you have to interact with another human being to try and get them to divulge information for points. As you'll hear this was Michelle's first year at DEFCON. She dove right in to the event and walked away from the even with an amazing experience.

In this episode we discuss:

  • What is the SECTF
  • Why apply to the competition
  • What was her preparation for the contest
  • Where could she have improved

Why social skills are important - part 3

In this final part of a three-part series of the Exploring Information Security podcast, Johnny Xmas joins me to discuss why social skills are important.

Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences.

Social skills are important in organizations, because it allows us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evident by this three-part series).

In this episode we discuss:

  • Why it's important to never eat alone
  • How to improve your social skills
  • How to start a conversation
  • Why it's important to practice

More resources:

Why social skills are important - part 2

In this second part to a three-part series of the Exploring Information Security podcast, Johnny Xmas joins me to discuss why social skills are important.

Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences.

Social skills are important in organizations, because it allows us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evident by this three-part series).

In this episode we discuss:

  • Why it's important to never eat alone
  • How to improve your social skills
  • How to start a conversation
  • Why it's important to practice

More resources:

Why social skills are important - part 1

In this start to a three-part series of the Exploring Information Security podcast, Johnny Xmas joins me to discuss why social skills are important.

Johnny (@J0hnnyXm4s) has presented talks and performed training on the topic of social skills at various conferences. He told me it's the topic he gets the most feedback on from people in attendance. I was first introduced to one of Johnny's talks at BSides Nashville 2015. He was presenting on networking with people at conferences. Which I immediately identified with. I was there shooting pictures, because it was an easy way to meet people at conferences.

Social skills are important in organizations, because it allows us to build better relationships with people to improve security. It's a topic that Johnny can talk about for hours (as evident by this three-part series).

In this episode we discuss:

  • What are social skills
  • Why they're important
  • How it relates to social engineering
  • How to interact with someone in a conversation

More resources:

What is social engineering?

In this humanized episode of the Exploring Information Security podcast, Valerie Thomas joins me to answer the question, "What is social engineering?"

Valerie (@hacktress09) is an executive consultant for Securicon. She uses many techniques to pentest an organization via social engineering. One of the techniques she uses the most is phishing emails.

In this episode we discuss:

  • What is social engineering?
  • The different types of social engineering techniques
  • How social engineering test are conducted
  • Why social engineering is important.

More resources: