The Social-Engineer Podcast

Social-Engineer, LLC
May 17, 2021 • 41min

Ep. 146 - Demand Transparency with a blue shirt with Jason Frank

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background in helping both government and Fortune 100 organizations, and has served as a course instructor for the Black Hat security conference. Jason is currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries. May 17, 2021 00:00 – Intro Social-Engineer.com Social-Engineer.org InnocentLivesFoundation.org Human Hacking Book Vishing as a Service (VaaS) Phishing as a Service (PHaaS) HumanHackingBook.com Slack Channel @HumanHacker on Twitter CLUTCH 03:05 – Podcast Guest Jason Frank Intro 03:22 – Jason at BlackHat 03:30 - SpecterOps 04:34 – How Jason got to where he is 08:50 – Curiosity and motivation born from failing at a CTF 09:50 – Adversary Simulation – why is Jason using this phrase? 12:32 – Where are we in the current security culture? 16:11 – How to get attention of stakeholders, what concepts do you put in play? 18:03 – Reactive vs. Proactive 21:56 – How can corporations prepare for and mitigate attacks? 23:39 – What are the business repercussions of not letting machines talk to each other, and only the server? 25:45 – What are the more recent attacks you've seen coming up that people should be looking for? 28:14 – Knowledge bombs – terminology that people can look up to recognize "low hanging fruit" they may be missing – Bloodhound 30:00 – Cycles where certain things can be exploited such as ActiveDirectory 30:50 – What other things do companies need to be watching for 32:14 – PowerShell 33:44 – What are some action steps that corporations should start taking right now? 
34:51 – Colleagues Jason respects most in the industry Andrew Morris founder of GreyNoise Dane Stuckey from Palantir Jason Hill from DHS CISA Bryan Beyer and Keith McCammon from Red Canary 36:50 – Jason's Book Recommendations Creativity Inc. Principles: Life and Work Get A Grip 38:31 – Wrap-Up @jasonjfrank on Twitter Jason J Frank on LinkedIn @joemontmania on Twitter (Ryan MacDougall) @HumanHacker on Twitter (Chris Hadnagy) @InnocentOrg on Twitter (Innocent Lives Foundation)
May 10, 2021 • 48min

Ep. 145 - Baking a Human Behavior Cake with Jack Schafer

In this episode, Chris Hadnagy and Maxie Reynolds are joined by industry professional Jack Schafer, PhD. Dr. Schafer is a psychologist, professor, intelligence consultant, and former FBI Special Agent. Dr. Schafer spent fifteen years conducting counter-intelligence and counterterrorism investigations, and seven years as a behavioral analyst for the FBI's National Security Division's Behavioral Analysis Program. May 10, 2021 00:00 - Intro Social-Engineer.com Vishing as a Service (VaaS) Phishing as a Service (PHaaS) Black Hat Slack Channel Clutch Innocent Lives Foundation 03:32 - Introduction to Dr. Jack Schafer, PhD. 04:54 - How Jack decided to start training people in his field after retirement 07:46 - Why is rapport building important? 11:49 - How do you stop rapport from being used against you? 13:51 - Explaining "The Truth Bias" 15:37 - Rapport works across different cultures 18:15 - The basic human need to correct other people 19:28 - Integrating the knowledge of that need into work as an FBI agent - "Brian's Loop" 23:01 - People don't answer yes or no, they answer Yes+, No+, I Don't Know+ 23:19 - Flattery 25:13 - Roundabout vs Direct Approach 26:45 - The "right" way is the way that works for you 29:58 - The Truth "Default Mode" and breaking the baseline 33:05 - Verbal vs. Non-Verbal Cues 36:19 - Get A Commitment 37:36 - Why does getting a commitment work on humans? 39:50 - The Lip Purse 42:40 - Wrap Up The Like Switch The Truth Detector Emma 44:45 - Jack's Mentors 46:30 - Contact Jack Jack Schafer on LinkedIn Email: jackschafer500@yahoo.com 47:06 - Outro Maxie Reynolds on Twitter Maxie Reynolds on Instagram Chris Hadnagy on Twitter Social-Engineer on Instagram www.social-engineer.com www.social-engineer.org www.humanhackingconference.com www.humanhackingbook.com www.innocentlivesfoundation.org Social-Engineering Slack Channel CLUTCH
Apr 19, 2021 • 53min

Ep. 144 - Adaptive Problem Solving with Ashley Rose

In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Ashley Rose, the CEO of Living Security. Listen in as they discuss the best methods to teach cybersecurity awareness, as well as the unique advantages when using escape rooms to do so. April 19, 2021 00:00 – Introduction Social-Engineer.com Slack Clutch 03:12 – Introduction to Ashley Rose 04:31 – Ashley's path into cybersecurity awareness 10:59 – Developing an escape room that teaches cybersecurity 15:02 – How Living Security adapted to the pandemic 22:16 – How Ashley gets the attention of potential clients 26:00 – Why "adaptive problem solving" is a vital skill 28:49 – How this training is increasing security awareness 30:47 – The industry's unhealthy focus on compliance 34:41 – The science that went into developing the training 36:49 – How training can be individualized to increase effectiveness 41:42 – Ashley's contact info www.livingsecurity.com Living Security on Twitter Ashley on LinkedIn Ashley on Twitter 42:28 – Ashley's most respected colleagues Venus Goodwine Chris Nickerson 44:40 – Ashley's action steps that corporations should start doing right now 49:06 – Ashley's book recommendations The CEO Tightrope: How to Master the Balancing Act of a Successful CEO The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers 50:13 – Outro Ryan on Twitter Chris on Twitter Ashley on Twitter Living Security on Twitter Ashley on LinkedIn Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation
Apr 12, 2021 • 53min

Ep. 143 - Empathetic Hugs with Ida Ngambeki

In this episode of the Social-Engineer podcast, Chris Hadnagy and Maxie Reynolds are joined by Dr. Ida Ngambeki, an Assistant Professor of Computer and Information Technology at Purdue University. Listen in as they discuss the importance of empathy and the best ways to teach social engineering. April 12, 2021 00:00 – Intro Join Social-Engineering on Slack Clutch The Innocent Lives Foundation 03:25 – Introduction to Dr. Ida Ngambeki 04:20 – How Ida got into social engineering 08:45 – Teaching the next generation of social engineers 11:30 – Teaching the distinct aspects of social engineering 17:05 – The difference between a pentester and a malicious actor 19:01 – The importance of bias and assumptions 20:36 – Ida's unconventional path to social engineering expertise 24:42 – The importance of empathy in security education 27:50 – The three aspects of empathy 30:04 – Diversity in the information security industry 34:22 – Chris getting held at gunpoint 39:50 – The problem with fear-based pretexts 42:32 - Ida's industry mentors Donna Riley Demitra Evangelou Melisa Dark Alejandrah Magana William Gratiano Mark Rogers 45:14 – Ida's book recommendations Terry Pratchett The Secret Lives of Baba Segi's Wives Neil Gaiman The Tenth Muse Code Girls 47:59 – Ida's contact info cybersecurelab.com Purdue's Website 49:23 – Maxie's book The Art of Attack: Attacker Mindset for Security Professionals 51:02 - Outro Maxie on Twitter Chris on Twitter Social-Engineer on Twitter
Mar 15, 2021 • 47min

Ep. 142 – You Can Be Right And Still Be Wrong With Brian Phillips

In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Brian Phillips who is responsible for information security at Macy's. Listen as they discuss how to: build an information security organization, hire the right people, and get buy-in from executives. March 15, 2021 00:09 – Intro Social-Engineer.com Phishing As A Service® Vishing As A Service® 01:54 – Introduction to Brian Phillips 02:44 – Security in a retail environment and impacts from the pandemic 07:25 - How to build an information security organization from the ground up 10:14 – Changing an organization's mindset for better security 14:20 – The most desirable quality in a team member, and how to recognize it in an interview 18:21 – How to nurture an outsider into a security professional 22:48 - How to align corporate security initiatives with business goals Never Split the Difference: Negotiating As If Your Life Depended On It 26:38 – The importance of buy-in from the C-level down, and how to get it. 
38:13 – Key takeaways that corporations should start doing now 40:17 – Brian's most respected colleagues Dave Kennedy Ed Skoudis John Strand Rob Fuller Carlos Perez 42:14 – Brian's book recommendations Never Split the Difference: Negotiating As If Your Life Depended On It Thinking, Fast and Slow Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You How to Win Friends & Influence People Robin Dreeke's Books: Sizing People Up: A Veteran FBI Agent's User Manual for Behavior Prediction It's Not All About Me: The Top Ten Techniques for Building Quick Rapport with Anyone The Code of Trust: An American Counterintelligence Expert's Five Rules to Lead and Succeed Joe Navarro's Books: Be Exceptional: Master the Five Traits That Set Extraordinary People Apart The Dictionary of Body Language: A Field Guide to Human Behavior What Every Body Is Saying: An Ex-FBI Agent's Guide to Speed-Reading People (more) Leaders Eat Last: Why Some Teams Pull Together and Others Don't 44:03 – Conclusion Ryan on Twitter Brian on Twitter Chris on Twitter Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation Clutch
Mar 8, 2021 • 59min

Ep. 141 - Do You Want to be Mentored with Robin Dreeke

In this episode, Chris Hadnagy and Maxie Reynolds are joined by ex-FBI Spy Catcher and now world renowned Trust and Rapport expert, Robin Dreeke. Listen in as they discuss the importance of mentoring, TRUST and relationship building. - March 8, 2021 00:09 – Intro Social-Engineer.com 01:43 – Introduction to Robin Dreeke 03:35 – The importance of mentoring 09:37 – The levels of mentoring 11:05 – How to find a mentor 14:18 – How to choose a mentee 18:49 – Building genuine relationships and partnerships 21:11 – Teaching transparency 23:29 – Bringing value to a relationship and exercising transparency 25:45 – Try to understand the reasons behind a person's actions 33:13 – Figure out what kind of feedback a person needs 36:20 – Making empathy a habit 38:01 – When emotionally hijacked, utilize tactical empathy 41:17 – Is it better to confront or adapt to miscommunication? 47:08 – Robin's current projects and info PeopleFormula.com Robin on Twitter Robin on Facebook Robin on LinkedIn Robin on YouTube Human Hacking Conference: https://www.humanhackingconference.com/trainers/robin-dreeke/ 51:51 – Robin's most respected colleagues Joe Navarro Jack Schafer Jordan Harbinger Eric Hunley 52:55 – Robin's book recommendations Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You Sizing People Up: A Veteran FBI Agent's User Manual for Behavior Prediction It's Not All About Me: The Top Ten Techniques for Building Quick Rapport with Anyone The Code of Trust: An American Counterintelligence Expert's Five Rules to Lead and Succeed How To Win Friends and Influence People Think Like a Monk: Train Your Mind for Peace and Purpose Every Day Never Split the Difference: Negotiating As If Your Life Depended On It Extreme Ownership (How U.S. 
Navy SEALs Lead and Win) Insight: Why We're Not as Self-Aware as We Think, and How Seeing Ourselves Clearly Helps Us Succeed at Work and in Life Hook Point: How to Stand Out in a 3-Second World Leaders Eat Last: Why Some Teams Pull Together and Others Don't 56:17 - Outro Maxie on Twitter Robin on Twitter Chris on Twitter Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation Clutch
Feb 15, 2021 • 46min

Ep. 140 – Empathetic Security with Julie Rinehart

In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional, Julie Rinehart. Julie has spent the last 10 years building and enhancing Fortune 500 enterprise Security Awareness programs. Listen as they discuss using empathy to improve security awareness and the flaws in the "stupid user" philosophy. 00:10 – Intro Phishing as a Service (PHaaS) Vishing as a Service (VaaS) Social Engineering Risk Assessment (SERA) SEVillage: The Human Hacking Conference Social-Engineer.com 01:56 – Introduction to Julie Rinehart 02:28 – How Julie got into the industry 06:21 – Dismantling the "stupid user" philosophy 07:53 – How to interview your employer 10:34 – The biggest milestones in Julie's career 14:31 – How you can encourage users to report the phish they clicked on 19:22 – What we can learn from "people who try to do the right thing and then mess up" 25:25 – The benefits of making security personal 28:34 – Julie's biggest challenges in the industry 30:28 – Increase security awareness using gamification 35:13 – Julie's mentors and most respected colleagues 38:54 - Julie's podcast recommendations Armchair Expert (Episode 248 – David Farrier) The CyberWire Darknet Diaries 43:52 – Outro Ryan on Twitter Chris on Twitter Social-Engineer on Twitter Social-Engineer.org Social-Engineer.com SEVillage: The Human Hacking Conference Human Hacking Book The Innocent Lives Foundation Clutch
Feb 8, 2021 • 51min

Ep. 139 - Don't Believe This Podcast with Michael F. Schein

In this episode, Chris Hadnagy and Maxie Reynolds are joined by writer, speaker, business owner, and hype artist, Michael F. Schein. Michael shares the social engineering tactics he was able to learn from cult leaders and mischief makers. Find out how these often-manipulative tactics can be used for good. - Feb 8, 2021 00:09 – Introduction Social-Engineer.com 01:44 – Introduction to Michael F. Schein 02:30 – How Michael figured out that we can learn from cult leaders and mischief makers 10:38 - Influence through disruption 11:44 – Make war not love 13:21 – Basecamp: Simplicity by hating complexity 16:21 – Building hype requires confidence 18:15 – Focus on what you want to be known for 26:06 – Create a secret society 30:27 – How Michael socially engineered himself onto the podcast 35:34 – The positive side of hype 37:43 – Chris, Maxie and Michael's favorite music 43:03 – Michael's most respected colleague: Michael Roderick 44:21 – Michael's book recommendations: The Crowd: A Study of the Popular Mind Masters of Atlantis 47:10 – Michael's contact info Hype Book Club microfamemedia.com michaelfschein.com The Hype Handbook: 12 Indispensable Success Secrets From the World's Greatest Propagandists, Self-Promoters, Cult Leaders, Mischief Makers, and Boundary Breakers 48:39 – Outro Maxie on Twitter Maxie on Instagram Chris on Twitter Social-Engineer on Twitter Social-Engineer on Instagram Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation Clutch
Jan 18, 2021 • 44min

Ep. 138 – Security With Marcus Sailler of Capital Group

In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional, Marcus Sailler to discuss his experience as the red team information security manager at Capital Group. Marcus shares some great tips on creating a successful security team and how you can prevent it from becoming the "No Police". They also go over the recent changes in the industry, including how big hacks have increased security awareness in the general public. 00:09 – Introduction to the new Security Awareness Series 01:28 – Introduction to Ryan MacDougall Phishing as a Service (PHaaS) Vishing as a Service (VaaS) Social-Engineer.com 02:32 – Introduction to Marcus Sailler 04:20 – How Marcus got into information security 06:08 – Recent changes in the infosec industry- How a big hack increases security awareness 12:09 – How a red team and security awareness team can collaborate to enhance security 14:25 – Introduction to Capital Group 16:17 – Coming up with relevant attacks for a global company 18:08 – How a security team can avoid becoming the "No Police" 21:39 – Why it's better to build a blue team first 22:24 – The importance of attitude and ego for a red teamer 25:04 – How a red team benefits from partnership 26:53 – Emulate the bad guy, but remember to be good 29:18 – Steps corporations should implement now 30:58 – Some of Marcus' most respected industry professionals Chris Hadnagy David McGuire Jason Frank Jeff Dimmock David Kennedy Amanda Berlin Ian Coldwater Rachel Tobac 34:47 – Marcus' book recommendations Sizing People Up: A Veteran FBI Agent's User Manual for Behavior Prediction The 5 Love Languages: The Secret to Love that Lasts 39:18 – Marcus' contact info LinkedIn Twitter 14:38 – Outro Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation SEVillage: The Human Hacking Conference Human Hacking Book Website Human Hacking Book Amazon Clutch Chris on Twitter Social-Engineer on Twitter
Jan 11, 2021 • 58min

Ep. 137 – Human Hacking With Chris Hadnagy

In this special episode, Chris Hadnagy joins Maxie Reynolds to talk about the amazing stories and useful lessons contained in Chris's new book: "Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You". Listen as Chris delves into the process of making "Human Hacking" and shares the awesome story behind its inception. Maxie and Chris also discuss the importance of empathy especially when it comes to hacking humans. Chris is a global security expert and master hacker. He is the founder and CEO of Social-Engineer, LLC, the creator of the popular Social Engineer Podcast, website, and newsletter, and designed "Advanced Practical Social Engineering," the first hands-on social engineering training course and certification for law enforcement, military, and private sector professionals. 00:09 – Introduction to Maxie Reynolds 02:13 – Introduction to Christopher Hadnagy's brand-new book: "Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You" 02:51 – Human-hacking is a skill that can be used in everyday life by everyday people 04:19 – What it means to "Leave Them Better Off for Having Met You" 05:50 – "The martial art of the mind" and how a malicious person could use it for harm 07:39 – Empathy and why it is so important when hacking humans 09:21 – Showing empathy while amygdala hijacked 11:40 – Empathy is more than just putting yourself in someone else's shoes 14:15 – Empathy is often hierarchical 16:33 – The power of "I'm sorry" 18:02 – Why understanding the meaning behind someone's actions is so important 21:48 – Accuracy of the stories told in the book 24:15 – The process of co-authoring the book with Seth Schulman 26:43 – The amazing story of how the book came to be 31:16 – How to fight the isolation and social awkwardness brought by technology and, more recently, COVID-19. 
34:46 – Giving your feedback on the book 36:20 – A distillation of the "Advanced Practical Social Engineering" course, made applicable to everyone 40:50 – Socially engineering the world's best rock band 43:51 - "Quick Fire Questions": 44:04 – Chris's favorite story in the book 45:04 – Is there a stage in child development where less empathy is shown? 46:10 – Would the new book have helped teenage Chris? 48:01 – Is it nicer to feel empathy yourself or receive it from someone else? 49:49 – Balance is required when teaching empathy. 51:19 – How we can all better our communities by learning to "Win Friends, Influence People, and Leave Them Better Off for Having Met You" 53:35 – Chris's book recommendations Without Conscience: The Disturbing World of the Psychopaths Among Us Antifragile: Things That Gain from Disorder The Dictionary of Body Language: A Field Guide to Human Behavior 54:56 – Outro Human Hacking Book Website Human Hacking Book Amazon Maxie on Twitter Chris on Twitter Social-Engineer on Twitter SEVillage: The Human Hacking Conference Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation Clutch
