The Social-Engineer Podcast

Social-Engineer, LLC
Jun 16, 2021 • 47min

Ep. 148 - Security Awareness Series - Three Degrees of Separation from Neil Fallon with Rockie Brockway

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Rockie Brockway.  Rockie is currently the Practice Lead for the Office of the CSO for TrustedSec. With over 28 years' experience in information security and business risk, Rockie specializes in Business Risk Analysis and the inherent relationships between data, assets, adversaries, and the organization’s brand value. He provides strategic and tactical advisory services to TrustedSec’s clients, assisting them in maturing their organizations’ security programs.  00:00 – Intro  Social-Engineer.com  Social-Engineer.org  InnocentLivesFoundation.org  SE Vishing Service  SE Phishing Service  Social-Engineer Slack Channel  Pro-Rock.com  Breaking Security Awareness Virtual Conference by Living Security – Chris will appear June 24  03:35 – Rockie Brockway Intro  https://www.trustedsec.com/team/rockie-brockway/  https://www.linkedin.com/in/rockie-brockway-6416349/  https://bsidescleveland.com  07:25 – A little about Rockie’s background and how he got started in the industry  10:35 – Rockie's feelings on the past 29 years, from the first virus he saw vs what we see now  12:35 – Rockie was in a math rock band called Craw, Rockie played shows with CLUTCH!!!   17:15 – What should I have or learn to get a job in a company like yours?  20:55 -  Practical Social Engineering certification  21:52 – How do you take curious and knowledgeable people’s knowledge and bridge that gap between them and the decision makers?  23:43 – How can young people get the qualities you suggest?  25:20 – Never be afraid of failure  27:45 – How important is top-down leadership support, or what are the most important aspects of doing your job?  31:25 – Are there more or less “future thinking” proactive security concerns than there were years ago?  36:02 – What level of organizations are bringing you in for your assistance?  
37:28 – Action steps for corporations to start doing now  Outro  40:42 – Colleagues you respect most in the industry  Dr Peter Tippett  Marty from Snort  Renaud from Nessus  Dave Kennedy and TrustedSec GitHub  Jack Jones - Factor Analysis of Information Risk  B Sides Jack Daniel, Nickerson, Ian Amit  42:45 – Book recommendations  Learning from the Octopus  Emergence  Tribe – Sebastian Junger  The Martian – Andy Weir   Artemis    44:33 – How to contact Rockie  Twitter @rockiebrockway  Twitter @bsidescleveland  Rockie Brockway on Linkedin  TrustedSec.com 
Jun 14, 2021 • 48min

Ep. 147 - Human Element Series - Becoming Ben Franklin with Joe Navarro

In this episode, Chris Hadnagy and Maxie Reynolds are joined by one of our greatest friends and mentors, Joe Navarro.  After serving as an FBI agent for 25 years, Joe has become a nonverbal and behavioral expert. Since retiring, he has authored 14 books in 29 languages dealing with human behavior and body language. His book “What Every BODY Is Saying” remains the #1 selling body-language book in the world for over 12 years.  Joe’s new book “Be Exceptional” brings 40 years of his observations and research into one book.   00:00 – Intro   Social-Engineer.com   Social-Engineer.org   InnocentLivesFoundation.org   SE Vishing Service   SE Phishing Service   Security Assessments   Certified Training Programs   Adversarial Simulations   Social-Engineer channel on SLACK   CLUTCH   June 24th: Chris at Living Security 2nd annual Breaking Security Awareness (digital conference for 2021)   03:54 – Joe Navarro Intro   www.jnbodylanguageacademy.com    https://www.jnforensics.com/media    https://www.jnforensics.com/books    www.twitter.com/navarrotells   05:40 – Discussion on Joe’s newest book, “Be Exceptional”.  Why a book about being exceptional?  08:41 – Is the writing style in the new book purposely like the others, where you compiled people’s behavior?  Did you start writing with this idea, or did the book come about after you had cataloged it all?  13:16 – What is the difference between excellence and perfection?  15:13 – “Whoever provides the most psychological comfort is going to be the soonest winner”  16:23 – Excellence is about experience and the journey  18:34 – How does someone get to the place where they have mastery over their emotions?  22:50 – How do you get people to have self-awareness and humility?  24:05 – Self-Mastery  26:12 – What is the ranking of success, if it’s not “counting possessions”?  28:15 – How much of excellence is habit?  Is any of excellence based on genetics?   
29:18 – Thoughts on Usain Bolt and other runners achieving excellence  32:44 – Thoughts on Benjamin Franklin achieving excellence  39:42 – “Be Exceptional” comes out June 29, a bit of discussion about book release  41:02 – Wrap Up  How to contact Joe:   www.joenavarro.net  www.jnbodylanguageacademy.com  www.jnforensics.com  Joe Navarro on Twitter: @NavarroTells  42:01 – Favorite Books  The Giving Tree   The Gift of Fear  The Desert Queen  The Power of Myth – Joseph Campbell  Herodotus – The History  44:22 – Joe’s Mentors  Mom, Dad, Grandma   Jack Schafer   David Givens   Gerald Post – CIA  47:12 – Outro   www.social-engineer.org – newly redesigned   www.social-engineer.com   www.innocentlivesfoundation.org 
May 17, 2021 • 41min

Ep. 146 - Demand Transparency with a blue shirt with Jason Frank

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank.  Jason has an extensive background in helping both government and Fortune 100 organizations, and has served as a course instructor for the Black Hat security conference. Jason is currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries. May 17, 2021   00:00 – Intro  Social-Engineer.com  Social-Engineer.org  InnocentLivesFoundation.org  Human Hacking Book  Vishing as a Service (VaaS)  Phishing as a Service (PHaaS)  HumanHackingBook.com  Slack Channel  @HumanHacker on Twitter  CLUTCH  03:05 – Podcast Guest Jason Frank Intro   03:22 – Jason at BlackHat  03:30 - SpecterOps  04:34 – How Jason got to where he is  08:50 – Curiosity and motivation born from failing at a CTF  09:50 – Adversary Simulation – why is Jason using this phrase?  12:32 – Where are we in the current security culture?  16:11 – How to get attention of stakeholders, what concepts do you put in play?  18:03 – Reactive vs. Proactive  21:56 – How can corporations prepare for and mitigate attacks?  23:39 – What are the business repercussions of not letting machines talk to each other, and only the server?  25:45 – What are the more recent attacks you’ve seen coming up that people should be looking for?  28:14 – Knowledge bombs – terminology that people can look up to recognize “low hanging fruit” they may be missing – Bloodhound  30:00 – Cycles where certain things can be exploited such as Active Directory  30:50 – What other things do companies need to be watching for  32:14 – PowerShell  33:44 – What are some action steps that corporations should start taking right now?  
34:51 – Colleagues Jason respects most in the industry  Andrew Morris founder of GreyNoise  Dane Stuckey from Palantir  Jason Hill from DHS CISA  Bryan Beyer and Keith McCammon from Red Canary  36:50 – Jason's Book Recommendations  Creativity Inc.  Principles: Life and Work  Get A Grip  38:31 – Wrap-Up  @jasonjfrank on Twitter  Jason J Frank on LinkedIn  @joemontmania on Twitter (Ryan MacDougall)  @HumanHacker on Twitter (Chris Hadnagy)  @InnocentOrg on Twitter (Innocent Lives Foundation) 
May 10, 2021 • 48min

Ep. 145 - Baking a Human Behavior Cake with Jack Schafer

In this episode, Chris Hadnagy and Maxie Reynolds are joined by industry professional Jack Schafer, PhD.  Dr. Schafer is a psychologist, professor, intelligence consultant, and former FBI Special Agent. Dr. Schafer spent fifteen years conducting counter-intelligence and counterterrorism investigations, and seven years as a behavioral analyst for the FBI's National Security Division's Behavioral Analysis Program.  May 10, 2021     00:00 - Intro  Social-Engineer.com  Vishing as a Service (VaaS)  Phishing as a Service (PHaaS)  Black Hat  Slack Channel  Clutch  Innocent Lives Foundation  03:32 - Introduction to Dr. Jack Schafer, PhD.  04:54 - How Jack decided to start training people in his field after retirement  07:46 - Why is rapport building important?  11:49 - How do you stop rapport from being used against you?  13:51 - Explaining “The Truth Bias”  15:37 - Rapport works across different cultures  18:15 - The basic human need to correct other people  19:28 - Integrating the knowledge of that need into work as an FBI agent - “Brian’s Loop”  23:01 - People don’t answer yes or no, they answer Yes+, No+, I Don’t Know+  23:19 - Flattery  25:13 - Roundabout vs Direct Approach  26:45 - The “right” way is the way that works for you  29:58 - The Truth “Default Mode” and breaking the baseline  33:05 - Verbal vs. Non-Verbal Cues  36:19 - Get A Commitment  37:36 - Why does getting a commitment work on humans?  39:50 - The Lip Purse  42:40 - Wrap Up  The Like Switch  The Truth Detector  Emma  44:45 - Jack’s Mentors  46:30 - Contact Jack  Jack Schafer on LinkedIn  Email: jackschafer500@yahoo.com  47:06 - Outro  Maxie Reynolds on Twitter  Maxie Reynolds on Instagram  Chris Hadnagy on Twitter  Social-Engineer on Instagram  www.social-engineer.com  www.social-engineer.org  www.humanhackingconference.com  www.humanhackingbook.com  www.innocentlivesfoundation.org  Social-Engineering Slack Channel  CLUTCH   
Apr 19, 2021 • 53min

Ep. 144 - Adaptive Problem Solving with Ashley Rose

In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Ashley Rose, the CEO of Living Security. Listen in as they discuss the best methods to teach cybersecurity awareness, as well as the unique advantages when using escape rooms to do so.  April 19, 2021   00:00 – Introduction  Social-Engineer.com  Slack  Clutch  03:12 – Introduction to Ashley Rose  04:31 – Ashley’s path into cybersecurity awareness  10:59 – Developing an escape room that teaches cybersecurity  15:02 – How Living Security adapted to the pandemic  22:16 – How Ashley gets the attention of potential clients  26:00 – Why “adaptive problem solving” is a vital skill  28:49 – How this training is increasing security awareness  30:47 – The industry’s unhealthy focus on compliance  34:41 – The science that went into developing the training  36:49 – How training can be individualized to increase effectiveness  41:42 – Ashley's contact info  www.livingsecurity.com  Living Security on Twitter  Ashley on LinkedIn  Ashley on Twitter  42:28 – Ashley's most respected colleagues  Venus Goodwine   Chris Nickerson  44:40 – Ashley’s action steps that corporations should start doing right now  49:06 – Ashley's book recommendations  The CEO Tightrope: How to Master the Balancing Act of a Successful CEO  The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers  50:13 – Outro  Ryan on Twitter  Chris on Twitter  Ashley on Twitter  Living Security on Twitter  Ashley on LinkedIn  Social-Engineer.org   Social-Engineer.com  The Innocent Lives Foundation      
Apr 12, 2021 • 53min

Ep. 143- Empathetic Hugs with Ida Ngambeki

In this episode of the Social-Engineer podcast, Chris Hadnagy and Maxie Reynolds are joined by Dr. Ida Ngambeki, an Assistant Professor of Computer and Information Technology at Purdue University. Listen in as they discuss the importance of empathy and the best ways to teach social engineering.  April 12, 2021 00:00 – Intro  Join Social-Engineering on Slack Clutch  The Innocent Lives Foundation     03:25 – Introduction to Dr. Ida Ngambeki  04:20 – How Ida got into social engineering  08:45 – Teaching the next generation of social engineers  11:30 – Teaching the distinct aspects of social engineering  17:05 – The difference between a pentester and a malicious actor  19:01 – The importance of bias and assumptions  20:36 – Ida’s unconventional path to social engineering expertise  24:42 – The importance of empathy in security education  27:50 – The three aspects of empathy  30:04 – Diversity in the information security industry  34:22 – Chris getting held at gunpoint  39:50 – The problem with fear-based pretexts  42:32 - Ida’s industry mentors  Donna Riley    Demitra Evangelou    Melisa Dark    Alejandrah Magana   William Gratiano    Mark Rogers  45:14 – Ida's book recommendations  Terry Pratchett  The Secret Lives of Baba Segi's Wives  Neil Gaiman  The Tenth Muse  Code Girls  47:59 – Ida's contact info  cybersecurelab.com  Purdue’s Website  49:23 – Maxie's book  The Art of Attack: Attacker Mindset for Security Professionals  51:02 - Outro  Maxie on Twitter  Chris on Twitter  Social-Engineer on Twitter 
Mar 15, 2021 • 47min

Ep. 142 – You Can Be Right And Still Be Wrong With Brian Phillips

In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Brian Phillips who is responsible for information security at Macy’s. Listen as they discuss how to: build an information security organization, hire the right people, and get buy-in from executives.  March 15, 2021   00:09 – Intro  Social-Engineer.com  Phishing As A Service®  Vishing As A Service®  01:54 – Introduction to Brian Phillips  02:44 – Security in a retail environment and impacts from the pandemic  07:25 - How to build an information security organization from the ground up  10:14 – Changing an organization's mindset for better security  14:20 – The most desirable quality in a team member, and how to recognize it in an interview  18:21 – How to nurture an outsider into a security professional  22:48 - How to align corporate security initiatives with business goals  Never Split the Difference: Negotiating As If Your Life Depended On It  26:38 – The importance of buy-in from the C-level down, and how to get it.  
38:13 – Key takeaways that corporations should start doing now  40:17 – Brian’s most respected colleagues  Dave Kennedy  Ed Skoudis  John Strand  Rob Fuller  Carlos Perez  42:14 – Brian's book recommendations  Never Split the Difference: Negotiating As If Your Life Depended On It  Thinking, Fast and Slow  Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You  How to Win Friends & Influence People  Robin Dreeke's Books:  Sizing People Up: A Veteran FBI Agent's User Manual for Behavior Prediction  It's Not All About Me: The Top Ten Techniques for Building Quick Rapport with Anyone  The Code of Trust: An American Counterintelligence Expert's Five Rules to Lead and Succeed  Joe Navarro’s Books:  Be Exceptional: Master the Five Traits That Set Extraordinary People Apart  The Dictionary of Body Language: A Field Guide to Human Behavior  What Every Body Is Saying: An Ex-FBI Agent's Guide to Speed-Reading People  (more)    Leaders Eat Last: Why Some Teams Pull Together and Others Don't    44:03 – Conclusion  Ryan on Twitter  Brian on Twitter  Chris on Twitter  Social-Engineer.org   Social-Engineer.com  The Innocent Lives Foundation  Clutch 
Mar 8, 2021 • 59min

Ep. 141 - Do You Want to be Mentored with Robin Dreeke

In this episode, Chris Hadnagy and Maxie Reynolds are joined by ex-FBI Spy Catcher and now world renowned Trust and Rapport expert, Robin Dreeke. Listen in as they discuss the importance of mentoring, TRUST and relationship building. - March 8, 2021 00:09 – Intro  Social-Engineer.com  01:43 – Introduction to Robin Dreeke  03:35 – The importance of mentoring  09:37 – The levels of mentoring  11:05 – How to find a mentor  14:18 – How to choose a mentee  18:49 – Building genuine relationships and partnerships  21:11 – Teaching transparency  23:29 – Bringing value to a relationship and exercising transparency  25:45 – Try to understand the reasons behind a person’s actions  33:13 – Figure out what kind of feedback a person needs  36:20 – Making empathy a habit  38:01 – When emotionally hijacked, utilize tactical empathy  41:17 – Is it better to confront or adapt to miscommunication?  47:08 – Robin's current projects and info  PeopleFormula.com  Robin on Twitter  Robin on Facebook   Robin on LinkedIn  Robin on YouTube  Human Hacking Conference: https://www.humanhackingconference.com/trainers/robin-dreeke/  51:51 – Robin's most respected colleagues  Joe Navarro  Jack Schafer  Jordan Harbinger  Eric Hunley  52:55 – Robin's book recommendations  Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You  Sizing People Up: A Veteran FBI Agent's User Manual for Behavior Prediction  It's Not All About Me: The Top Ten Techniques for Building Quick Rapport with Anyone  The Code of Trust: An American Counterintelligence Expert's Five Rules to Lead and Succeed  How To Win Friends and Influence People  Think Like a Monk: Train Your Mind for Peace and Purpose Every Day  Never Split the Difference: Negotiating As If Your Life Depended On It  Extreme Ownership (How U.S. 
Navy SEALs Lead and Win)  Insight: Why We're Not as Self-Aware as We Think, and How Seeing Ourselves Clearly Helps Us Succeed at Work and in Life  Hook Point: How to Stand Out in a 3-Second World  Leaders Eat Last: Why Some Teams Pull Together and Others Don't  56:17 - Outro  Maxie on Twitter  Robin on Twitter  Chris on Twitter  Social-Engineer.org   Social-Engineer.com  The Innocent Lives Foundation     Clutch 
Feb 15, 2021 • 46min

Ep. 140 – Empathetic Security with Julie Rinehart

In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional, Julie Rinehart. Julie has spent the last 10 years building and enhancing Fortune 500 enterprise Security Awareness programs. Listen as they discuss using empathy to improve security awareness and the flaws in the “stupid user” philosophy.    00:10 – Intro  Phishing as a Service (PHaaS)  Vishing as a Service (VaaS)  Social Engineering Risk Assessment (SERA)  SEVillage: The Human Hacking Conference  Social-Engineer.com  01:56 – Introduction to Julie Rinehart  02:28 – How Julie got into the industry  06:21 – Dismantling the “stupid user” philosophy  07:53 – How to interview your employer  10:34 – The biggest milestones in Julie’s career  14:31 – How you can encourage users to report the phish they clicked on  19:22 – What we can learn from “people who try to do the right thing and then mess up”  25:25 – The benefits of making security personal  28:34 – Julie's biggest challenges in the industry  30:28 – Increase security awareness using gamification  35:13 – Julie's mentors and most respected colleagues  38:54 - Julie’s podcast recommendations  Armchair Expert   (Episode 248 – David Farrier)  The CyberWire  Darknet Diaries  43:52 – Outro  Ryan on Twitter  Chris on Twitter  Social-Engineer on Twitter  Social-Engineer.org  Social-Engineer.com  SEVillage: The Human Hacking Conference  Human Hacking Book  The Innocent Lives Foundation    Clutch   
Feb 8, 2021 • 51min

Ep. 139 - Don't Believe This Podcast with Michael F. Schein

In this episode, Chris Hadnagy and Maxie Reynolds are joined by writer, speaker, business owner, and hype artist, Michael F. Schein. Michael shares the social engineering tactics he was able to learn from cult leaders and mischief makers. Find out how these often-manipulative tactics can be used for good.  - Feb 8, 2021 00:09 – Introduction  Social-Engineer.com  01:44 – Introduction to Michael F. Schein  02:30 – How Michael figured out that we can learn from cult leaders and mischief makers  10:38 - Influence through disruption  11:44 – Make war not love  13:21 – Basecamp: Simplicity by hating complexity  16:21 – Building hype requires confidence  18:15 – Focus on what you want to be known for  26:06 – Create a secret society  30:27 – How Michael socially engineered himself onto the podcast  35:34 – The positive side of hype  37:43 – Chris, Maxie and Michael's favorite music  43:03 – Michael's most respected colleague: Michael Roderick  44:21 – Michael's book recommendations:  The Crowd: A Study of the Popular Mind  Masters of Atlantis    47:10 – Michael's contact info  Hype Book Club  microfamemedia.com  michaelfschein.com  The Hype Handbook: 12 Indispensable Success Secrets From the World’s Greatest Propagandists, Self-Promoters, Cult Leaders, Mischief Makers, and Boundary Breakers    48:39 – Outro  Maxie on Twitter  Maxie on Instagram  Chris on Twitter  Social-Engineer on Twitter  Social-Engineer on Instagram  Social-Engineer.org  Social-Engineer.com  The Innocent Lives Foundation    Clutch   
