Social Engineers are Jerks. Equipping Your Staff to Deal With Them and Get You in the Loop.

ABSTRACT

When most people realize that they are social engineering targets, it is stressful for them. In this moment of
stress and pressure, they will now make a decision that will affect the security of your organization and its
data. It is easy in a post-mortem to examine details carefully, identify clues and mistakes, and understand
with 20/20 hindsight the path someone should have taken. What can we do to equip our staff to make better decisions
when they don’t have these luxuries?

This presentation will examine the ways people respond when they become aware they are being social engineered
(hear the audio!). It will describe a case study of targeted awareness and prevention training to help staff
respond to suspicious calls/emails, communicate with each other and report appropriately.

Participants will learn:
– Why it is stressful to be a social engineering target and how social engineers use that to achieve their goals
– Approaches to help staff respond well when faced with inappropriate information requests

SPEAKER

Jen Fox is a Sr. Security Consultant at VioPoint. She holds the DEF CON 23 Social Engineering Capture The Flag (SECTF) black badge.

When she isn’t asking people for their passwords or gaining unauthorized access to secured areas, she provides awareness training, risk management and compliance services for clients.