Never Surrender: Reducing Social Engineering Risk

Posted in SecConf


The weakest link in the security chain is often between the keyboard and the chair. People are a problem. As humans we have a natural instinct to trust someone's word. Although a wide range of technical controls has been developed to cope with security threats, human factors have been comparatively neglected.

Once you put a human in a security chain, you have a weakness. That problem should be addressed by security practitioners, not by every member of an organization. Very few would disagree that social engineering is the most common and least challenging way to compromise an organization, but most accept the notion that there isn't much they can do about it. False!

This talk will focus on the psychological, technical, and physical aspects of social engineering, and will also look at how we can remove the human element from the human problem. We will explore what organizations are doing wrong, as well as the processes and technical controls that can be put in place to build a strong social engineering defense.

We'll outline a template solution that can be customized to your organization. What will really help? What is the truth? What if we don't want to surrender our organization to social engineers?


Rob Ragan: As a Senior Security Associate at Bishop Fox, Rob Ragan leads a team of highly skilled penetration testers. With over a decade of experience building and breaking systems, Rob specializes in application security, source code review, social engineering, wireless, mobile, and network penetration testing. Rob actively conducts security research and has repeatedly presented at Black Hat, DEFCON, InfoSec World, SyScan 360, SummerCon, and Outerz0ne. He is also a contributing author to Hacking Exposed Web Applications 3rd Edition.

Christina Camilleri: Christina is a security analyst at Bishop Fox by day and a breaker of things by night. She specializes in web application penetration testing and social engineering; not only the psychological and physical aspects of social engineering, but also the manipulation and social influence techniques that can exploit the behaviour of others. She has attended and presented at local and international conferences on social engineering and has won the award for the highest-scoring OSINT report two years in a row in the DEFCON Social Engineering CTF. She is an active and passionate contributor to the infosec industry, and a strong believer in user privacy, free expression, and innovation.



Source: BSidesPGH