
The Social-Engineer Podcast
The Social-Engineer Podcast is about humans. Understanding how we interact, communicate and relay information can help us protect, mitigate and understand social engineering attacks.
Latest episodes

Oct 11, 2021 • 44min
Ep. 155 - Human Element Series - Positively Influencing Behavior Change with Jessica Barker
This month Chris Hadnagy is joined by Dr. Jessica Barker. Jessica is an award-winning global leader in the human side of cyber security. She is Co-Founder and co-CEO of Cygenta, where she follows her passion of positively influencing cyber security awareness, behaviour and culture in organisations around the world. Jessica was also named one of the top 20 most influential women in cyber security in the UK and is the former Chair of ClubCISO. She is the author of the best-selling book Confident Cyber Security: how to get started in cyber security and futureproof your career and co-author of Cybersecurity ABCs: delivering awareness, behaviours and culture change. October 11, 2021.
00:00 – Intro
  www.social-engineer.com
  Managed Voice Phishing
  Managed Email Phishing
  Adversarial Simulations
  Social-Engineer channel on SLACK
  CLUTCH
  www.innocentlivesfoundation.org
04:21 - How did you get into cyber security?
06:48 – What were you researching before all that?
08:30 – How does human behavior influence technology?
10:00 – How has Covid-19 and the world scene impacted us when it comes to security?
14:26 – When we look on the internet at how aggressive people have gotten, and the anonymity has enabled people to be more terrible to each other, have you seen this aggression over the last 18 months affect security?
17:20 - Bullying
22:05 – Why is it looked at as “bad” to use bonuses when training people?
28:00 – What are the most positive ways to do it right?
32:37 – How would you suggest a company chooses the right “champion”?
36:26 – Finding Jessica on the web:
  Twitter: @drjessicabarker
  LinkedIn: https://www.linkedin.com/in/jessica-barker/
  Instagram: @drjessicabarker
  www.cygenta.co.uk
37:20 – Who is your greatest mentor?
  Jane Frankland – business leader in cyber security https://jane-frankland.com/in-security/
39:37 - Favorite Books
  Confident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career
  Cybersecurity ABCs: Delivering awareness, behaviours and culture change
  Human Hacking – Chris Hadnagy
  Crime Dot Com – Geoff White
  The Optimism Bias – Tali Sharot
  Black Box Thinking – Matthew Syed
43:26 – Outro

Sep 20, 2021 • 53min
Ep. 154 - Security Awareness Series - Whispering Sweet Security Nothings with Ed Skoudis
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Ed Skoudis. Ed is a SANS Institute Fellow, Instructor, and Director of Cyber Ranges. He is the founder of Counter Hack, an innovative cyber security company that works as trusted information security advisors to government, military, and commercial enterprises by providing in-depth security architecture, penetration testing, red teaming, incident response, and digital forensics expertise. Ed frequently presents industry keynotes based on the latest attack vectors he identifies during his team’s penetration testing projects, expert witness work on large-scale breaches, security research into late-breaking malware and exploits, and incident response engagements. Over his career, Ed has taught over 20,000 students in computer incident response and penetration testing. Ed and his team are also the creators of the SANS Holiday Hack Challenge, a free gift to the community every December challenging tens of thousands of people to build their cyber security skills in a fun, quirky adventure to save the holiday season. September 20, 2021
00:00 – Intro
  www.social-engineer.com
  Managed Voice Phishing
  Managed Email Phishing
  Adversarial Simulations
  Social-Engineer channel on SLACK
  CLUTCH
  www.innocentlivesfoundation.org
03:26 – Ed Skoudis Intro
05:26 – How did you get started, how did you get into this field?
09:18 – What do you look for when building your team?
10:47 – How long will you observe a person to determine if they have the integrity or skill that you want?
12:44 – What advice would you give for companies to find people with the skill and integrity they need more quickly than observing them for 2-4 years?
22:00 – “Nothing new” in social engineering vs infosec, which is constantly changing
23:45 – Why do you feel experiences like participating in CTFs are so valuable for people in this community?
28:57 – What is your advice for people on how to find quality CTFs?
  www.holidayhackchallenge.com
  www.ctftime.org
  www.wechall.net
  https://opentoallctf.github.io/
32:04 – How long does it take your team to construct these challenges?
35:54 – If someone wants to sponsor this event, where can they go? www.holidayhackchallenge.com
36:42 – Who are the colleagues or mentors that have been most influential to you, people you wouldn’t be where you are today if not for them?
  Ed’s Nana – Evelyn Hiddings
  Manager at Bellcore - Miriam Hernandez Cagle
  SANS instructor, founder of InGuardians - Mike Poor
  Security Expert - Johnny Long
  SANS founder – Alan Paller
40:30 – What are some action steps corporations should start doing right now based on the advice you gave today to build a great team?
  Have a good corporate culture and leadership
  Be thoughtful and meaningful, make it fun, and challenge them
  Take input from your team and empower them
43:09 – Do you have any advice for employees dealing with burnout, how to practice self-care, or other coping mechanisms?
  Monthly meeting with state of the business, business reflections
  Rituals – Get a bagel and call mom on Saturdays, morning walk, calling friends out of the blue
  Gratefulness – when stressed, pause and think about what you’re grateful for
  Get off social media for a few days
50:27 – Book Recommendation
  The Code Book by Simon Singh
51:53 – Outro
  www.innocentlivesfoundation.org
  www.social-engineer.com

Sep 13, 2021 • 51min
Ep. 153 - Human Element Series - You Are Special And Other Lies With Cortney Warren
In this episode, Chris Hadnagy is joined by Dr. Cortney Warren. Dr. Warren is a Board-Certified Clinical Psychologist and former tenured Associate Professor of Psychology at the University of Nevada, Las Vegas (UNLV). She is an expert on addictions, self-deception, eating pathology, and the practice of psychotherapy from a cross-cultural perspective. In addition to publishing in some of the field’s top scientific, peer-reviewed journals, Dr. Warren is passionate about bringing theoretically grounded, empirically-supported psychological research to the general public. So, in addition to her academic work, Dr. Warren is a research consultant, keynote speaker, and writes a blog for Psychology Today. September 13, 2021
00:00 – Intro
  www.social-engineer.com
  Managed Voice Phishing
  Managed Email Phishing
  Adversarial Simulations
  Social-Engineer channel on SLACK
  CLUTCH
  www.innocentlivesfoundation.org
02:10 – Cortney Warren Intro
03:35 – How did you get started?
07:28 – Why is it so hard to be honest with ourselves?
10:01 – What gets the person from “it’s easy to lie to myself” to “I’m readily open to admit this”?
13:25 – Admitting the truth is just the first step
13:20 – There are certain ways humans lie to themselves. One of them is “The Specialness Fallacy”
17:43 – How do people make the change in someone who doesn’t want to make the change, they’re not at that point yet?
21:45 – Is self-deception the same in every culture?
25:47 – Is there a particular culture that is more honest with themselves than others?
28:12 – Why is bringing research to the public such a mission for you?
31:41 – How do we make the change out of self-deception?
41:30 – Have you helped people in abusive relationships with your methods?
44:31 – When does your book come out?
44:47 – How to reach Cortney:
  www.choosehonesty.com
  Email: cortneywarren@choosehonesty.com
  Facebook: https://www.facebook.com/CortneySWarren
  Twitter: https://twitter.com/DrCortneyWarren
  LinkedIn: https://www.linkedin.com/in/dr-cortney-s-warren-phd-abpp-a4188772/
  YouTube: https://www.youtube.com/playlist?list=PLQGXD7Ms5oR3GzsPZl3Tjl_9qj71MezHj
  Instagram: https://www.instagram.com/cortneywarren/
45:37 – Who is your greatest mentor? My mother, Karen J Warren
48:25 – Favorite Books:
  Viktor Frankl – Man’s Search for Meaning
50:16 – Outro
  www.innocentlivesfoundation.org
  www.social-engineer.com

Aug 16, 2021 • 49min
Ep. 152 - Security Awareness Series - Sharing With Your Frenemies with Bernie Acre
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Bernie Acre. Bernie is the Chief Information Officer for the City of Bryan, TX where he’s responsible for all technology and communications systems, including the Fire, Police, Public Works, the municipal electric utility, and a myriad of general support organizations. Bernie is currently an appointed Member of the Texas Cybersecurity Council. Bernie has a combined 41 years of experience in information technology, including 20+ in the US Air Force and 21 years in the electric utility industry and municipal government. August 16, 2021
00:00 – Intro
  www.social-engineer.com
  Managed Voice Phishing
  Managed Email Phishing
  Adversarial Simulations
  Social-Engineer channel on SLACK
  CLUTCH
  www.innocentlivesfoundation.org
03:34 – Bernie Acre Intro
04:43 – How did your transition into this position take place?
08:18 – What makes you proud of the culture that you created around employee awareness?
12:25 – How do you get all senior management on board?
14:24 – What did it take to find the people to make such a great team?
15:35 – What were you looking for in these people?
17:15 – Setting the bar
19:15 – Team Advocate vs. Adversary
23:59 – Was your senior management always on board with being part of the testing?
27:06 – So the third hour of their required training is something the employees choose?
27:54 – Have you always had the philosophy that the security training you do at work should become personal?
29:21 – What are three things you would tell someone beginning in the field to focus on?
32:51 – Taking the time to grow
34:49 – What do you do to help combat burnout? How about promoting self-care?
37:31 – What lacks the most sometimes in an organization is communication
37:43 – Who in this industry do you respect the most?
  One of Bernie’s commanders in the service, for overall leadership
  For this industry:
  Chris Hadnagy
  Roger Grimes (KnowBe4)
  Stu Sjouwerman (KnowBe4)
  Kevin Mitnick (KnowBe4)
40:13 – Book Recommendations
  Winning America by Allan Eckert
  All works by James Michener
  Valor Across The Lone Star by Charles M. Neal
43:55 – What got you so heavily into history?
44:38 – Finding Bernie on the internet:
  www.linkedin.com/in/bernie-acre-cgcio-7838375a/
  www.bryantx.gov
47:04 – Outro
  Thanks to Bernie
  www.innocentlivesfoundation.org

Aug 9, 2021 • 45min
Ep. 151 - Human Element Series - Dropping a Dime with Michael Roderick
In this episode, we are joined by Michael Roderick. Michael is the CEO of Small Pond Enterprises which helps thoughtful givers become thought leaders by making their brands referable, their messaging memorable, and their ideas unforgettable. He is also the host of the podcast Access to Anyone which shows how you can get to know anyone you want in business and in life using time-tested relationship-building principles. Michael's unique methodology comes from his own experience of going from being a High School English teacher to a Broadway Producer in under two years. August 9, 2021
00:00 – Intro
  www.social-engineer.com
  www.innocentlivesfoundation.org
  Managed Voice Phishing
  Managed Email Phishing
  Adversarial Simulations
  Social-Engineer channel on SLACK
  CLUTCH
02:08 – Intro to Michael Roderick, CEO of Small Pond Enterprises
  www.smallpondenterprises.com
  www.accesstoanyonepodcast.com
03:20 – High school teacher – where did that come from and what were you teaching?
04:17 – You moved to New York and while teaching high school, you decided you wanted to be a producer. How did that come about?
09:49 - Was all of what you are saying a plan of yours, or you just did it and it worked out?
11:45 – You were doing something for these people with no ask in return. This makes such a psychological bond with these people. Why would you do this?
14:41 – What framework did you create out of this experience?
19:45 – You’ve got direct and indirect approach, what are the other two?
23:07 – What methods do you use to find the detail about who you are approaching for the mutually beneficial approach?
27:19 – What’s the “E”?
35:16 – Did you come up with “DIME”?
35:55 – How can an average person use the skills you talked about to cultivate a network?
39:49 – Finding Michael on the Internet:
  www.smallpondenterprises.com
  www.myreferabilityrater.com
  Social Media links (not mentioned in podcast)
  Twitter: https://twitter.com/MichaelRoderick
  LinkedIn: https://www.linkedin.com/in/michael-roderick-1161571/
  Facebook: https://www.facebook.com/mike.roderick.940
40:37 – Who is your greatest mentor? Jeff Madoff
41:37 – Favorite Books
  Your Brain at Work – David Rock
  Breakthrough Advertising – Eugene Schwartz

Jul 19, 2021 • 47min
Ep. 150 - Security Awareness Series - Getting Senior Management Buy-In With Michael Fortune
Michael Fortune, Security Behaviours Team Manager for British Telecom (BT) UK, discusses the challenges of getting senior management buy-in for security awareness. He emphasizes the importance of personalized sessions, creating actionable programs, and explaining the repercussions of not doing training. The speakers also explore the significance of the human element in cybersecurity and practical experience in understanding people.

Jul 12, 2021 • 46min
Ep. 149 - Human Element Series - Whats In a T with Teresa Abram
In this episode, Chris Hadnagy is joined by Teresa Abram. Teresa is the founder of Handwriting P.I., a full-service handwriting analysis business. Teresa is not only a handwriting analyzer, but also a professional personality investigator who can spot the red flags of a dangerous personality, identify someone’s strengths, and uncover what is holding someone back. Teresa’s interest in handwriting started when she was just 14 years old and has led her to hosting her own podcast, “A Most Unusual T Party” where she uses the letter T to unlock pieces of a person’s story...which is fascinating to listen to! July 12, 2021
00:00: Intro
  www.social-engineer.com
  Managed Voice Phishing
  Managed Email Phishing
  Adversarial Simulations
  Social-Engineer channel on SLACK
  CLUTCH
  Innocent Lives Foundation
03:01: Teresa Abram Intro
  Handwriting P.I.
  A Most Unusual T Party
05:00: How did you get into this at 14 years old?
07:50: How does one practice handwriting analysis?
09:05: What is scary handwriting? Psychopath scale.
10:00: Chris’ handwriting
11:20: Can you fool handwriting analysis?
14:00: Can this be used by companies to vet potential employees?
16:05: InfoSec and Handwriting are similar. All science is accurate until it’s not.
18:35: Universal gestures
21:53: Discussion about Social-Engineer COO Ryan
24:19: Does Handwriting PI do handwriting analysis for employers? Combined with other disciplines.
26:31: Chris’ handwriting sample
27:23: Banned by Hitler as witchcraft
28:16: How long has handwriting analysis been around?
28:51: Can you analyze in different languages? How? Incongruency Methods
34:06: Methodology continued. Turning the paper over. Go to the letter “t”.
37:21: How long does handwriting analysis take to do?
38:12: What is another way you work with companies?
39:30: Wrap-up
  Teresa on the internet:
  Instagram: Handwriting_PI
  Website: www.handwritingpi.ca
40:47: Teresa’s mentor - Sheila Lowe, President of the American Handwriting Analysis Foundation
41:54: Favorite Books:
  The Wisdom of Psychopaths by Kevin Dutton
  Illusions by Richard Beck
44:00: How old is Teresa’s Daughter? And how did she like having a Mom who would read her handwriting?
46:00: Outro
  www.pro-rock.com
  www.innocentlivesfoundation.org
  Chris Hadnagy on Twitter - @HumanHacker

Jun 16, 2021 • 47min
Ep. 148 - Security Awareness Series - Three Degrees of Separation from Neil Fallon with Rockie Brockway
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Rockie Brockway. Rockie is currently the Practice Lead for the Office of the CSO for TrustedSec. With over 28 years' experience in information security and business risk, Rockie specializes in Business Risk Analysis and the inherent relationships between data, assets, adversaries, and the organization’s brand value. He provides strategic and tactical advisory services to TrustedSec’s clients, assisting them in maturing their organizations’ security programs.
00:00 – Intro
  Social-Engineer.com
  Social-Engineer.org
  InnocentLivesFoundation.org
  SE Vishing Service
  SE Phishing Service
  Social-Engineer Slack Channel
  Pro-Rock.com
  Breaking Security Awareness Virtual Conference by Living Security – Chris will appear June 24
03:35 – Rockie Brockway Intro
  https://www.trustedsec.com/team/rockie-brockway/
  https://www.linkedin.com/in/rockie-brockway-6416349/
  https://bsidescleveland.com
07:25 – A little about Rockie’s background and how he got started in the industry
10:35 – Rockie's feelings on the past 29 years, from the first virus he saw vs what we see now
12:35 – Rockie was in a math rock band called Craw, Rockie played shows with CLUTCH!!!
17:15 – What should I have or learn to get a job in a company like yours?
20:55 - Practical Social Engineering certification
21:52 – How do you take curious and knowledgeable people’s knowledge and bridge that gap between them and the decision makers?
23:43 – How can young people get the qualities you suggest?
25:20 – Never be afraid of failure
27:45 – How important is top-down leadership support, or what are the most important aspects of doing your job?
31:25 – Are there more or less “future thinking” proactive security concerns than there were years ago?
36:02 – What level of organizations are bringing you in for your assistance?
37:28 – Action steps for corporations to start doing now
  Outro
40:42 – Colleagues you respect most in the industry
  Dr Peter Tippett Marty from Snort Renaud from Nessus Dave Kennedy and TrustedSec GitHub Jack Jones - Factor Analysis of Information Risk B Sides Jack Daniel, Nickerson, Ian Amit
42:45 – Book recommendations
  Learning from the Octopus
  Emergence
  Tribe – Sebastian Junger
  The Martian – Andy Weir
  Artemis
44:33 – How to contact Rockie
  Twitter @rockiebrockway
  Twitter @bsidescleveland
  Rockie Brockway on LinkedIn
  TrustedSec.com

Jun 14, 2021 • 48min
Ep. 147 - Human Element Series - Becoming Ben Franklin with Joe Navarro
In this episode, Chris Hadnagy and Maxie Reynolds are joined by one of our greatest friends and mentors, Joe Navarro. After serving as an FBI agent for 25 years, Joe has become a nonverbal and behavioral expert. Since retiring, he has authored 14 books in 29 languages dealing with human behavior and body language. His book “What Every BODY Is Saying” has remained the #1 selling body-language book in the world for over 12 years. Joe’s new book “Be Exceptional” brings 40 years of his observations and research into one book.
00:00 – Intro
  Social-Engineer.com
  Social-Engineer.org
  InnocentLivesFoundation.org
  SE Vishing Service
  SE Phishing Service
  Security Assessments
  Certified Training Programs
  Adversarial Simulations
  Social-Engineer channel on SLACK
  CLUTCH
  June 24th: Chris at Living Security 2nd annual Breaking Security Awareness (digital conference for 2021)
03:54 – Joe Navarro Intro
  www.jnbodylanguageacademy.com
  https://www.jnforensics.com/media
  https://www.jnforensics.com/books
  www.twitter.com/navarrotells
05:40 – Discussion on Joe’s newest book, “Be Exceptional”. Why a book about being exceptional?
08:41 – Is the writing style in the new book purposely like the others, where you compiled people’s behavior? Did you start writing with this idea, or did the book come about after you had cataloged it all?
13:16 – What is the difference between excellence and perfection?
15:13 – “Whoever provides the most psychological comfort is going to be the soonest winner”
16:23 – Excellence is about experience and the journey
18:34 – How does someone get to the place where they have mastery over their emotions?
22:50 – How do you get people to have self-awareness and humility?
24:05 – Self-Mastery
26:12 – What is the ranking of success, if it’s not “counting possessions”?
28:15 – How much of excellence is habit? Is any of excellence based on genetics?
29:18 – Thoughts on Usain Bolt and other runners achieving excellence
32:44 – Thoughts on Benjamin Franklin achieving excellence
39:42 – “Be Exceptional” comes out June 29, a bit of discussion about book release
41:02 – Wrap Up
  How to contact Joe:
  www.joenavarro.net
  www.jnbodylanguageacademy.com
  www.jnforensics.com
  Joe Navarro on Twitter: @NavarroTells
42:01 – Favorite Books
  The Giving Tree
  The Gift of Fear
  The Desert Queen
  The Power of Myth – Joseph Campbell
  Herodotus – The History
44:22 – Joe’s Mentors
  Mom, Dad, Grandma
  Jack Schafer
  David Givens
  Gerald Post – CIA
47:12 – Outro
  www.social-engineer.org – newly redesigned
  www.social-engineer.com
  www.innocentlivesfoundation.org

May 17, 2021 • 41min
Ep. 146 - Demand Transparency with a blue shirt with Jason Frank
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background in helping both government and Fortune 100 organizations, and has served as a course instructor for the Black Hat security conference. Jason is currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries. May 17, 2021
00:00 – Intro
  Social-Engineer.com
  Social-Engineer.org
  InnocentLivesFoundation.org
  Human Hacking Book
  Vishing as a Service (VaaS)
  Phishing as a Service (PHaaS)
  HumanHackingBook.com
  Slack Channel
  @HumanHacker on Twitter
  CLUTCH
03:05 – Podcast Guest Jason Frank Intro
03:22 – Jason at BlackHat
03:30 - SpecterOps
04:34 – How Jason got to where he is
08:50 – Curiosity and motivation born from failing at a CTF
09:50 – Adversary Simulation – why is Jason using this phrase?
12:32 – Where are we in the current security culture?
16:11 – How to get attention of stakeholders, what concepts do you put in play?
18:03 – Reactive vs. Proactive
21:56 – How can corporations prepare for and mitigate attacks?
23:39 – What are the business repercussions of not letting machines talk to each other, and only the server?
25:45 – What are the more recent attacks you’ve seen coming up that people should be looking for?
28:14 – Knowledge bombs – terminology that people can look up to recognize “low hanging fruit” they may be missing – Bloodhound
30:00 – Cycles where certain things can be exploited such as Active Directory
30:50 – What other things do companies need to be watching for?
32:14 – PowerShell
33:44 – What are some action steps that corporations should start taking right now?
34:51 – Colleagues Jason respects most in the industry
  Andrew Morris founder of GreyNoise
  Dane Stuckey from Palantir
  Jason Hill from DHS CISA
  Bryan Beyer and Keith McCammon from Red Canary
36:50 – Jason's Book Recommendations
  Creativity Inc.
  Principles: Life and Work
  Get A Grip
38:31 – Wrap-Up
  @jasonjfrank on Twitter
  Jason J Frank on LinkedIn
  @joemontmania on Twitter (Ryan MacDougall)
  @HumanHacker on Twitter (Chris Hadnagy)
  @InnocentOrg on Twitter (Innocent Lives Foundation)