The Social-Engineer Podcast

In this episode, Chris Hadnagy is joined by Teresa Abram. Teresa is the founder of Handwriting P.I., a full-service handwriting analysis business. Teresa is not only a handwriting analyzer, but also a professional personality investigator who can spot the red flags of a dangerous personality, identify someone's strengths, and uncover what is holding someone back. Teresa's interest in handwriting started when she was just 14 years old and has led her to hosting her own podcast, "A Most Unusual T Party" where she uses the letter T to unlock pieces of a person's story...which is fascinating to listen to! July 12, 2021 00:00: Intro www.social-engineer.com Managed Voice Phishing Managed Email Phishing Adverserial Simulations Social-Engineer channel on SLACK CLUTCH Innocent Lives Foundation 03:01: Teresa Abram Intro Handwriting P.I. A Most Unusual T Party 05:00: How did you get into this at 14 years old? 07:50: How does one practice handwriting analysis? 09:05: What is scary handwriting? Psychopath scale. 10:00: Chris' handwriting 11:20: Can you fool handwriting analysis? 14:00: Can this be used by companies to vet potential employees? 16:05: InfoSec and Handwriting are similar. All science is accurate until it's not. 18:35: Universal gestures 21:53: Discussion about Social-Engineer COO Ryan 24:19: Does Handwriting PI do handwriting analysis for employers? Combined with other disciplines. 26:31: Chris' handwriting sample 27:23: Banned by Hitler as witchcraft 28:16: How long has handwriting analysis been around? 28:51: Can you analyze in different languages? How? Incongruency Methods 34:06: Methodology continued. Turning the paper over. Go to the letter "t". 37:21: How long does handwriting analysis take to do? 38:12: What is another way you work with companies? 39:30: Wrap-up Teresa on the internet: Instagram: Handwriting_PI Website: www.handwritingpi.ca 40:47: Teresa's mentor - Sheila Lowe, President of the American Handwriting Analysis Foundation 41:54: Favorite Books: The Wisdom of Psychopaths by Kevin Dutton Illusions by Richard Beck 44:00: How old is Teresa's Daughter? And how did she like having a Mom who would read her handwriting? 46:00: Outro www.pro-rock.com www.innocentlivesfoundation.org Chris Hadnagy on Twitter - @HumanHacker

12 Jul 202146min

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Rockie Brockway. Rockie is currently the Practice Lead for the Office of the CSO for TrustedSec. With over 28 years' experience in information security and business risk, Rockie specializes in Business Risk Analysis and the inherent relationships between data, assets, adversaries, and the organization's brand value. He provides strategic and tactical advisory services to TrustedSec's clients, assisting them in maturing their organizations' security programs. 00:00 – Intro Social-Engineer.com Social-Engineer.org InnocentLivesFoundation.org SE Vishing Service SE Phishing Service Social-Engineer Slack Channel Pro-Rock.com Breaking Security Awareness Virtual Conference by Living Security – Chris will appear June 24 03:35 – Rockie Brockway Intro https://www.trustedsec.com/team/rockie-brockway/ https://www.linkedin.com/in/rockie-brockway-6416349/ https://bsidescleveland.com 07:25 – A little about Rockie's background and how he got started in the industry 10:35 – Rockie's feelings on the past 29 years, from the first virus he saw vs what we see now 12:35 – Rockie was in a math rock band called Craw, Rockie played shows with CLUTCH!!! 17:15 – What should I have or learn to get a job in a company like yours? 20:55 - Practical Social Engineering certification 21:52 – How do you take curious and knowledgeable people's knowledge and bridge that gap between them and the decision makers? 23:43 – How can young people get the qualities you suggest? 25:20 – Never be afraid of failure 27:45 – How important is top-down leadership support, or what are the most important aspects of doing your job? 31:25 – Are there more or less "future thinking" proactive security concerns than there were years ago? 36:02 – What level of organizations are bringing you in for your assistance? 37:28 – Action steps for corporations to start doing now Outro 40:42 – Colleagues you respect most in the industry Dr Peter Tippett Marty from Snort Renaud from Nessus Dave Kennedy and TrustedSec GitHub Jack Jones - Factory Analysis Information Risk B Sides Jack Daniel, Nickerson, Ian Emit 42:45 – Book recommendations Learning from the Octopus Emergence Tribe – Sebastian Younger The Martian – Andy Weir Artemis 44:33 – How to contact Rockie Twitter @rockiebrockway Twitter @bsidescleveland Rockie Brockway on Linkedin TrustedSec.com

16 Jun 202147min

In this episode, Chris Hadnagy and Maxie Reynolds are joined by one of our greatest friends and mentors, Joe Navarro. After serving as an FBI agent for 25 years, Joe has become a nonverbal and behavioral expert. Since retiring, he has authored 14 books in 29 languages dealing with human behavior and body language. His book "What Every BODY Is Saying" remains the #1 selling body-language book in the world for over 12 years.  Joe's new book "Be Exceptional" brings 40 years of his observations and research into one book. 00:00 – Intro Social-Engineer.com Social-Engineer.org InnocentLivesFoundation.org SE Vishing Service SE Phishing Service Security Assessments Certified Training Programs Adversarial Simulations Social-Engineer channel on SLACK CLUTCH June 24th: Chris at Living Security 2nd annual Breaking Security Awareness (digital conference for 2021) 03:54 – Joe Navarro Intro www.jnbodylanguageacademy.com  https://www.jnforensics.com/media  https://www.jnforensics.com/books  www.twitter.com/navarrotells  05:40 – Discussion on Joe's newest book, "Be Exceptional". Why a book about being exceptional? 08:41 – Is the writing style in the new book purposely like the others, where you compiled people's behavior? Did you start writing with this idea, or did the book come about after you had cataloged it all? 13:16 – What is the difference between excellence and perfection? 15:13 – "Whoever provides the most psychological comfort is going to be the soonest winner" 16:23 – Excellence is about experience and the journey 18:34 – How does someone get to the place where they have mastery over their emotions? 22:50 – How do you get people to have self-awareness and humility? 24:05 – Self-Mastery 26:12 – What is the ranking of success, if it's not "counting possessions"? 28:15 – How much of excellence is habit? Is any of excellence based on genetics? 29:18 – Thoughts on Usain Bolt and other runners achieving excellence 32:44 – Thoughts on Benjamin Franklin achieving excellence 39:42 – "Be Exceptional" comes out June 29, a bit of discussion about book release 41:02 – Wrap Up How to contact Joe: www.joenavarro.net www.jnbodylanguageacademy.com www.jnforensics.com Joe Navarro on Twitter: @NavarroTells 42:01 – Favorite Books The Giving Tree The Gift of Fear The Desert Queen The Power of Myth – Joseph Campbell Heroditus – The History 44:22 – Joe's Mentors Mom, Dad, Grandma  Jack Schafer  David Givens  Gerald Post – CIA  47:12 – Outro www.social-engineer.org – newly redesigned www.social-engineer.com www.innocentlivesfoundation.org

14 Jun 202148min

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background in helping both government and Fortune 100 organizations, and has served a course instructor for the Black Hat security conference. Jason is now currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries. May 17, 2021 00:00 – Intro Social-Engineer.com Social-Engineer.org InnocentLivesFoundation.org Human Hacking Book Vishing as a Service (VaaS) Phishing as a Service (PHaaS) HumanHackingBook.com Slack Channel @HumanHacker on Twitter CLUTCH 03:05 – Podcast Guest Jason Frank Intro 03:22 – Jason at BlackHat 03:30 - SpecterOps 04:34 – How Jason got to where he is 08:50 – Curiousity and motivation born from failing at a CTF 09:50 – Adversary Simulation – why is Jason using this phrase? 12:32 – Where are we in the current security culture? 16:11 – How to get attention of stakeholders, what concepts do you put in play? 18:03 – Reactive vs. Proactive 21:56 – How can corporations prepare for and mitigate attacks? 23:39 – What are the business repercussions of not letting machines talk to each other, and only the server? 25:45 – What are the more recent attacks you've seen coming up that people should be looking for? 28:14 – Knowledge bombs – terminology that people can look up to recognize "low hanging fruit" they may be missing – Bloodhound 30:00 – Cycles where certain things can be exploited such as ActiveDirectory 30:50 – What other things do companies need to be watching for 32:14 – PowerShell 33:44 – What are some action steps that corporations should start taking right now? 34:51 – Colleagues Jason respects most in the industry Andrew Morris founder of GreyNoise Dane Stuckey from Palantir Jason Hill from DHS CISA Bryan Beyer and Keith McCammon from Red Canary 36:50 – Jason's Book Recommendations Creativity Inc. Principles: Life and Work Get A Grip 38:31 – Wrap-Up @jasonjfrank on Twitter Jason J Frank on LinkedIn @joemontmania on Twitter (Ryan MacDougall) @HumanHacker on Twitter (Chris Hadnagy) @InnocentOrg on Twitter (Innocent Lives Foundation)

17 Mai 202141min

In this episode, Chris Hadnagy and Maxie Reynolds are joined by industry professional Jack Schafer, PhD. Dr. Schafer is a psychologist, professor, intelligence consultant, and former FBI Special Agent. Dr. Schafer spent fifteen years conducting counter-intelligence and counterterrorism investigations, and seven years as a behavioral analyst for the FBI's National Security Division's Behavioral Analysis Program. May 10, 2021 00:00 - Intro Social-Engineer.com Vishing as a Service (VaaS) Phishing as a Service (PHaaS) Black Hat Slack Channel Clutch Innocent Lives Foundation 03:32 - Introduction to Dr. Jack Schafer, PhD. 04:54 - How Jack decided to start training people in his field after retirement 07:46 - Why is rapport building important? 11:49 - How do you stop rapport from being used against you? 13:51 - Explaining "The Truth Bias" 15:37 - Rapport works across different cultures 18:15 - The basic human need to correct other people 19:28 - Integrating the knowledge of that need into work as an FBI agent - "Brian's Loop" 23:01 - People don't answer yes or no, they answer Yes+, No+, I Don't Know+ 23:19 - Flattery 25:13 - Roundabout vs Direct Approach 26:45 - The "right" way is the way that works for you 29:58 - The Truth "Default Mode" and breaking the baseline 33:05 - Verbal vs. Non-Verbal Cues 36:19 - Get A Commitment 37:36 - Why does getting a commitment work on humans? 39:50 - The Lip Purse 42:40 - Wrap Up The Like Switch The Truth Detector Emma 44:45 - Jack's Mentors 46:30 - Contact Jack Jack Schafer on LinkedIn Email: jackschafer500@yahoo.com 47:06 - Outro Maxie Reynolds on Twitter Maxie Reynolds on Instagram Chris Hadnagy on Twitter Social-Engineer on Instagram www.social-engineer.com www.social-engineer.org www.humanhackingconference.com www.humanhackingbook.com www.innocentlivesfoundation.org Social-Engineering Slack Channel CLUTCH

10 Mai 202148min

In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Ashley Rose, the CEO of Living Security. Listen in as they discuss the best methods to teach cybersecurity awareness, as well as the unique advantages when using escape rooms to do so. April 19, 2021 00:00 – Introduction Social-Engineer.com Slack Clutch 03:12 – Introduction to Ashley Rose 04:31 – Ashley's path into cybersecurity awareness 10:59 – Developing an escape room that teaches cybersecurity 15:02 – How Living Security adapted to the pandemic 22:16 – How Ashley gets the attention of potential clients 26:00 – Why "adaptive problem solving" is a vital skill 28:49 – How this training is increasing security awareness 30:47 – The industry's unhealthy focus on compliance 34:41 – The science that went into developing the training 36:49 – How training can be individualized to increase effectiveness 41:42 – Ashley's contact info www.livingsecurity.com Living Security on Twitter Ashley on LinkedIn Ashley on Twitter 42:28 – Ashley's most respected colleagues Venus Goodwine Chris Nickerson 44:40 – Ashley's action steps that corporations should start doing right now 49:06 – Ashley's book reccomendations The CEO Tightrope: How to Master the Balancing Act of a Successful CEO The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers 50:13 – Outro Ryan on Twitter Chris on Twitter Ashley on Twitter Living Security on Twitter Ashley on LinkedIn Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation

19 Apr 202152min

In this episode of the Social-Engineer podcast, Chris Hadnagy and Maxie Reynolds are joined by Dr. Ida Ngambeki, an Assistant Professor of Computer and Information Technology at Purdue University. Listen in as they discuss importance of empathy and the best ways to teach social engineering. April 12, 2021 00:00 – Intro Join Social-Engineering on Slack Clutch The Innocent Lives Foundation 03:25 – Introduction to Dr. Ida Ngambeki 04:20 – How Ida got into social engineering 08:45 – Teaching the next generation of social engineers 11:30 – Teaching the distinct aspects of social engineering 17:05 – The difference between a pentester and a malicious actor 19:01 – The importance of bias and assumptions 20:36 – Ida's unconventional path to social engineering expertise 24:42 – The importance of empathy in security education 27:50 – The three aspects of empathy 30:04 – Diversity in the information security industry 34:22 – Chris getting held at gunpoint 39:50 – The problem with fear-based pretexts 42:32 - Ida's industry mentors Donna Riley Demitra Evangelou Melisa Dark Alejandrah Magana William Gratiano Mark Rogers 45:14 – Ida's book recommendations Terry Pratchett The Secret Lives of Baba Segi's Wives Neil Gaiman The Tenth Muse Code Girls 47:59 – Ida's contact info cybersecurelab.com Purdue's Website 49:23 – Maxie's book The Art of Attack: Attacker Mindset for Security Professionals 51:02 - Outro Maxie on Twitter Chris on Twitter Social-Engineer on Twitter

12 Apr 202153min

In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Brian Phillips who is responsible for information security at Macy's. Listen as they discuss how to: build an information security organization, hire the right people, and get buy-in from executives. March 15, 2021 00:09 – Intro Social-Engineer.com Phishing As A Service® Vishing As A Service® 01:54 – Introduction to Brian Phillips 02:44 – Security in a retail environment and impacts from the pandemic 07:25 - How to build an information security organization from the ground up 10:14 – Changing an organization's mindset for better security 14:20 – The most desirable quality in a team member, and how to recognize it in an interview 18:21 – How to nurture an outsider into a security professional 22:48 - How to align corporate security initiatives with business goals Never Split the Difference: Negotiating As If Your Life Depended On It 26:38 – The importance of buy-in from the C-level down, and how to get it. 38:13 – Key takeaways that corporations should start doing now 40:17 – Brian's most respected colleagues Dave Kennedy Ed Skoudis John Strand Rob Fuller Carlos Perez 42:14 – Brian's book recommendations Never Split the Difference: Negotiating As If Your Life Depended On It Thinking, Fast and Slow Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You How to Win Friends & Influence People Robin Dreke's Books: Sizing People Up: A Veteran FBI Agent's User Manual for Behavior Prediction It's Not All About Me: The Top Ten Techniques for Building Quick Rapport with Anyone The Code of Trust: An American Counterintelligence Expert's Five Rules to Lead and Succeed Joe Navarro's Books: Be Exceptional: Master the Five Traits That Set Extraordinary People Apart The Dictionary of Body Language: A Field Guide to Human Behavior What Every Body Is Saying: An Ex-FBI Agent's Guide to Speed-Reading People (more) Leaders Eat Last: Why Some Teams Pull Together and Others Don't 44:03 – Conclusion Ryan on Twitter Brian on Twitter Chris on Twitter Social-Engineer.org Social-Engineer.com The Innocent Lives Foundation Clutch

15 Mar 202147min