This episode is sponsored by the CIO Scoreboard
Chris Hadnagy specializes in understanding how malicious attackers exploit human communication and trust to obtain access to information and resources through manipulation and deceit. His goal is to secure companies by educating them on the methods used by attackers, identifying vulnerabilities, and mitigating issues through appropriate levels of awareness and security.
Chris is the founder and CEO of Social-Engineer. Chris possesses over 16 years of experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today. What I found fascinating from Chris’ bio is that he is a certified Expert Level graduate of Dr. Paul Ekman’s Micro Expressions courses, having made the study of non-verbal behaviors one of his specialties.
He established the world’s first social engineering penetration testing framework at http://www.social-engineer.org/, providing an invaluable repository of information for security professionals and enthusiasts. The site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering.
A sought-after writer and speaker, Chris has spoken and trained at events such as RSA, Black Hat, and various presentations for corporate and government clients. Chris is also the best-selling author of three books. My favorite was Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails, which is his latest that I read.
Major takeaways from this episode are:
- Reminder: you can download the transcript of the entire interview at redzonetech.net/podcast.
- A classic story of a social engineering hack that Chris did is at the 12-minute mark; it is a great example that will remind you of what you need to do to train employees.
- The importance of the brain and amygdala as it relates to IT Security.
- The importance of the psychology of security.
- The importance of non-verbal facial expression and body language.
- How to trigger empathy and compassion in a target, which really shows how effective this method is.
- The role of mirror neurons.
- You will understand the brain and how it reacts to fear, emotion, and danger in relation to social engineering hacks.
- At 35 minutes, learn what a BEC (Business Email Compromise) scam is and how to avoid it.
- The difference between Whaling, Vishing, and Phishing.
I have linked up all the show notes on redzonetech.net/podcast, where you can get access to Chris Hadnagy’s books and publications.
How to get in touch with Chris Hadnagy
- Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails
- Unmasking the Social Engineer: The Human Element of Security
- Social Engineering: The Art of Human Hacking
- Published Articles
This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.
* Outro music provided by Ben’s Sound
About Bill Murphy
Bill Murphy is a world-renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.