Mon, 20 December 2021
This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Levin. Adam is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance and has distinguished himself as a fierce consumer advocate for the past 50 years. Adam is the former Director of the New Jersey Division of Consumer Affairs, and currently is the founder of CyberScout and co-founder of Credit.com. He is also author of the critically acclaimed book Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves. Adam is also the host of the podcast What the Hack with Adam Levin, where they talk to fascinating people about the most terrifying things that ever happened to them in cyberspace.
December 20, 2021
00:00 – Intro
03:26 - Adam Levin Intro
04:37 – How did you get started in the industry?
07:42 – What has the shift been like in the types of attacks from the 90s until now?
09:53 – How does the recent Robinhood breach tie into what we’re discussing?
12:00 – What should people be focusing on when they hear stories like this?
14:28 – Do these simplistic solutions really work?
18:45 – What type of advice would you give to companies that have public facing employees?
20:22 – You said something interesting earlier, “the company has to deal with it empathetically”. What does that mean to you?
24:51 – Empathy, continued
30:22 – What do you see coming in the near future, what types of scams will become popular?
33:53 – What are some things people can look out for to avoid scams?
38:20 – Do you find that catastrophe and the emotional factor is used to get people to fall for scams?
41:39 – Finding Adam on the web:
42:57 – What are some action steps corporations can take to protect themselves?
45:13 – Who is your greatest mentor?
47:40 – Book Recommendations
49:16 – Outro
Direct download: Ep._160_-_Security_Awareness_Series_-_Go_To_The_Source_So_Theres_No_Remorse_with_Adam_Levin.mp3
Category:Security Awareness -- posted at: 2:00am EDT
Mon, 13 December 2021
This month Chris Hadnagy is joined by our good friend, Anne-Maartje Oud. For 20 years Anne-Maartje has been a behavioral advisor, consultant, chairwoman, and keynote speaker. On top of that she is the CEO and founder of The Behavior Company based in Amsterdam where she helps customize personal development programs for companies and organizations worldwide. Anne-Maartje is also a trainer who gives lectures and training at several universities in the Netherlands. She is also going to be a trainer at the Human Behavior Conference in March 2022.
[December 13, 2021]
00:00 – Intro
03:12 – Anne-Maartje intro
04:22 – What got you started in conflict resolution?
06:23 – Can you teach people to control behavior that’s based on emotion?
08:53 – Before words come out, what would you tell someone to do to not react and show that emotion?
12:30 – How do you start a conversation that leads to some benefit?
15:35 – What if that doesn’t work?
17:41 – How do you instruct people to remember it all?
19:51 – How important is understanding for managers and leaders?
20:52 - How would you instruct managers to go about learning this?
22:27 – Do you find that companies that have upper level management that focus on behavioral analysis have less conflict down the ladder?
27:01 – HuBe Con – what will you do there?
29:24 – Joe Navarro co session – what is that session all about?
36:51 – Finding Anne Maartje on the web:
37:39 – Book Recommendations: Shakespeare’s Plays – favorite is Hamlet
39:24 – Who would you consider your biggest mentors?
41:09 – Outro
Direct download: Ep._159_-_Human_Element_Series_-_Can_You_Fly_A_Helicopter_with_Anne-Maartje_Oud.mp3
Category:Human Element Series -- posted at: 2:00am EDT
Mon, 15 November 2021
This month, Chris Hadnagy and Ryan MacDougall are joined by Paul Asadoorian. Paul is the founder of Security Weekly, a security podcast network. Paul spends time “in the trenches” coding in Python, testing security products and evaluating and implementing open-source software. Paul's career began by implementing security programs for a lottery company and then a large university. As Product Evangelist for Tenable Network Security, Paul also built a library of materials on the topic of vulnerability management. When not hacking IoT devices, web applications or Linux, Paul can be found researching his next set of headphones, devices for smoking meat, and e-bikes.
November 15, 2021.
00:00 – Intro
03:34 – Paul Asadoorian Intro
05:08 – How did you get started in infosec?
13:19 – When did you decide you were going to start a podcast?
24:26 – What have you learned from the guests you’ve had on your podcasts over all of these years?
27:00 – What is your perspective on the shifting of hacking culture in the community?
34:53 – What are the best qualities someone could have to be attractive to a potential employer in this industry?
37:14 – How do we get the younger generation to have the qualities we are not seeing?
41:38 – Who is your greatest mentor?
46:00 – Book Recommendations
51:00 – Guest Wrap Up
53:31 – Outro
Direct download: Ep._158_-_Security_Awareness_Series_-_Dont_Act_Old_And_Other_Advice_with_Paul_Asadoorian.mp3
Category:Security Awareness -- posted at: 2:00am EDT
Mon, 8 November 2021
This month, Chris Hadnagy is joined by Marilise de Villiers. Marilise is a mindset and performance coach, a TEDx speaker, and a cybersecurity awareness, culture, and talent expert. While at one time she was a female executive in a Big Four consulting firm, she is now the founder and CEO of her own company, ROAR! Coaching and Consulting, which helps people find their purpose, their power, and gives people the courage to speak their truth.
November 8, 2021
00:00 – Intro
04:35 – What made you leave an amazing corporate company and forge a path for yourself?
08:09 – How did you escape the bad things in your life and turn into a person who helps other people find their strength?
10:47 – How did you get out of the cycle of abuse?
14:42 – Figuring out the role you play and taking back the power
17:06 – Finding a hobby
21:00 – How did you come upon this trifecta of things to better yourself?
25:10 – What have you found is the overwhelmingly common problem that people have when you first start working with them on bettering themselves?
27:56 – Changing your “self” view
30:32 – What would be a suggestion to give someone to “start today”?
34:35 – How do you suggest people find balance when most of us have spent most of our lives being imbalanced?
37:20 – How has this life change for you affected your kids?
38:55 – Who do you consider your greatest mentors?
41:05 – What books would you recommend to our listeners?
43:15 – How to find Marilise
https://www.marilise-de-villiers.com
https://www.linkedin.com/in/marilise-de-villiers-9184521a
https://www.marilise-de-villiers.com/podcasts/roar-marilise-de-villiers
44:40 – Outro
Direct download: Ep._157_-_Human_Element_Series_-_Turn_Your_Mess_Into_Your_Message_with_Marilise_de_Villiers.mp3
Category:Human Element Series -- posted at: 2:00am EDT
Mon, 18 October 2021
This month Chris Hadnagy and Ryan MacDougall are joined by Les Correia, who leads the evangelization of Estee Lauder's Application Security. In his position Les wears many hats, but they are all worn with the mission of protecting Estee Lauder's critical assets from the risk of a security breach. Prior to this, Les held Senior and Advisory roles providing thought leadership at companies such as AT&T and Lucent. Les also holds an MSc in Cyber Security as well as an exhaustive list of certifications. In his free time, Les pilots small aircraft and drives racecars.
October 18, 2021
00:00 – Intro
Human Behavior Conference – website coming soon
05:10 – Les Correia Intro
09:15 – How did you get into this industry?
12:05 – How are you trying to be proactive in stopping breaches?
14:00 – How important has top level support been?
15:03 – How do you get other business units to give you time for what you’re doing?
16:30 – Understanding the business like a business consultant helps them know you care about that business unit
20:19 – Whisky
24:08 – What kind of attacks have you seen in the wild that people need to be aware of?
26:10 – How do we get people that may not think they can be a victim to understand these threats can still be against them?
27:55 – Being a worldwide company, how do you translate your security processes through all those different cultures?
32:01 – How important is it to have hobbies outside of your work?
34:41 – How do you help your team deal with burnout when you have so much work on your plate?
37:56 – Has there been anyone you could consider your greatest mentor?
Dr. Tafar INS (International Network Services) Dr. Patarsh
42:20 – Reaching Les on social media:
43:12 – Outro
Direct download: Ep._156_-_Security_Awareness_Seriees_-_Are_You_Speaking_My_Language_with_Les_Correia.mp3
Category:Security Awareness -- posted at: 2:00am EDT
Mon, 11 October 2021
This month Chris Hadnagy is joined by Dr. Jessica Barker. Jessica is an award-winning global leader in the human side of cyber security. She is Co-Founder and co-CEO of Cygenta, where she follows her passion of positively influencing cyber security awareness, behaviour and culture in organisations around the world. Jessica was also named one of the top 20 most influential women in cyber security in the UK and is the former Chair of ClubCISO. She is the author of the best-selling book Confident Cyber Security: how to get started in cyber security and futureproof your career and co-author of Cybersecurity ABCs: delivering awareness, behaviours and culture change.
October 11, 2021.
00:00 – Intro
04:21 - How did you get into cyber security?
06:48 – What were you researching before all that?
08:30 – How does human behavior influence technology?
10:00 – How has Covid-19 and the world scene impacted us when it comes to security?
14:26 – When we look on the internet at how aggressive people have gotten, and the anonymity has enabled people to be more terrible to each other, have you seen this aggression over the last 18 months affect security?
17:20 - Bullying
22:05 – Why is it looked at as “bad” to use bonuses when training people?
28:00 – What are the most positive ways to do it right?
32:37 – How would you suggest a company chooses the right “champion”?
36:26 – Finding Jessica on the web:
Twitter: @drjessicabarker
Instagram: @drjessicabarker
37:20 – Who is your greatest mentor?
Jane Frankland – business leader in cyber security
39:37 - Favorite Books
43:26 – Outro
Direct download: Ep._155_-_Human_Element_Series_-_Positively_Influencing_Behavior_Change_with_Jessica_Barker.mp3
Category:Human Element Series -- posted at: 2:00am EDT
Mon, 20 September 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Ed Skoudis. Ed is a SANS Institute Fellow, Instructor, and Director of Cyber Ranges. He is the founder of Counter Hack, an innovative cyber security company that works as trusted information security advisors to government, military, and commercial enterprises by providing in-depth security architecture, penetration testing, red teaming, incident response, and digital forensics expertise. Ed frequently presents industry keynotes based on the latest attack vectors he identifies during his team’s penetration testing projects, expert witness work on large-scale breaches, security research into late-breaking malware and exploits, and incident response engagements. Over his career, Ed has taught over 20,000 students in computer incident response and penetration testing. Ed and his team are also the creators of the SANS Holiday Hack Challenge, a free gift to the community every December challenging tens of thousands of people to build their cyber security skills in a fun, quirky adventure to save the holiday season.
September 20, 2021
00:00 – Intro
03:26 – Ed Skoudis Intro
05:26 – How did you get started, how did you get into this field?
09:18 – What do you look for when building your team?
10:47 – How long will you observe a person to determine if they have the integrity or skill that you want?
12:44 – What advice would you give for companies to find people with the skill and integrity they need more quickly than observing them for 2-4 years?
22:00 – “Nothing new” in social engineering vs infosec, which is constantly changing
23:45 – Why do you feel experience like participating in CTFs are so valuable for people in this community?
28:57 – What is your advice for people on how to find quality CTFs?
32:04 – How long does it take your team to construct these challenges?
35:54 – If someone wants to sponsor this event, where can they go?
36:42 – Who are the colleagues or mentors that have been most influential to you, people you wouldn’t be where you are today if not for them?
Ed’s Nana – Evelyn Hiddings
Manager at Bellcore - Miriam Hernandez Cagle
SANS instructor, founder of In Guardians - Mike Poor
Security Expert - Johnny Long
SANS founder – Alan Paller
40:30 – What are some action steps corporations should start doing right now based on the advice you gave today to build a great team?
Have a good corporate culture and leadership
Be thoughtful and meaningful, make it fun, and challenge them
Take input from your team and empower them
43:09 – Do you have any advice for employees dealing with burnout, how to practice self-care, or other coping mechanisms?
Monthly meeting with state of the business, business reflections
Rituals – Get a bagel and call mom on Saturdays, morning walk, calling friends out of the blue
Gratefulness – when stressed, pause and think about what you’re grateful for
Get off social media for a few days
50:27 – Book Recommendation
51:53 – Outro
Direct download: Ep._154_-_Security_Awareness_Series_-_Whispering_Sweet_Security_Nothings_with_Ed_Skoudis.mp3
Category:Security Awareness -- posted at: 2:00am EDT
Mon, 13 September 2021
In this episode, Chris Hadnagy is joined by Dr. Cortney Warren. Dr. Warren is a Board-Certified Clinical Psychologist and former tenured Associate Professor of Psychology at the University of Nevada, Las Vegas (UNLV). She is an expert on addictions, self-deception, eating pathology, and the practice of psychotherapy from a cross-cultural perspective. In addition to publishing in some of the field’s top scientific, peer-reviewed journals, Dr. Warren is passionate about bringing theoretically grounded, empirically-supported psychological research to the general public. So, in addition to her academic work, Dr. Warren is a research consultant, keynote speaker, and writes a blog for Psychology Today.
September 13, 2021
00:00 – Intro
02:10 – Cortney Warren Intro
03:35 – How did you get started?
07:28 – Why is it so hard to be honest with ourselves?
10:01 – What gets the person from “it’s easy to lie to myself” to “I’m readily open to admit this”
13:25 – Admitting the truth is just the first step
13:20 – There are certain ways humans lie to themselves. One of them is “The Specialness Fallacy”
17:43 – How do people make the change in someone who doesn’t want to make the change, they’re not at that point yet?
21:45 – Is self-deception the same in every culture?
25:47 – Is there a particular culture that is more honest with themselves than others?
28:12 – Why is bringing research to the public such a mission for you?
31:41 – How do we make the change out of self-deception?
41:30 – Have you helped people in abusive relationships with your methods?
44:31 – When does your book come out?
44:47 – How to reach Cortney:
Facebook: https://www.facebook.com/CortneySWarren
Twitter: https://twitter.com/DrCortneyWarren
Instagram: https://www.instagram.com/cortneywarren/
45:37 – Who is your greatest mentor?
My mother, Karen J Warren
48:25 – Favorite Books:
50:16 – Outro
Direct download: Ep._153_-_Human_Element_Series_-_You_Are_Special_And_Other_Lies_With_Cortney_Warren.mp3
Category:Human Element Series -- posted at: 2:00am EDT
Mon, 16 August 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Bernie Acre. Bernie is the Chief Information Officer for the City of Bryan, TX where he’s responsible for all technology and communications systems, including the Fire, Police, Public Works, the municipal electric utility, and a myriad of general support organizations. Bernie is currently an appointed Member of the Texas Cybersecurity Council. Bernie has a combined 41 years of experience in information technology, including 20+ in the US Air Force and 21 years in the electric utility industry and municipal government.
August 16, 2021
00:00 – Intro
03:34 – Bernie Acre Intro
04:43 – How did your transition into this position take place?
08:18 – What makes you proud of the culture that you created around employee awareness?
12:25 – How do you get all senior management on board?
14:24 – What did it take to find the people to make such a great team?
15:35 – What were you looking for in these people?
17:15 – Setting the bar
19:15 – Team Advocate vs. Adversary
23:59 – Was your senior management always on board with being part of the testing?
27:06 – So the third hour of their required training is something the employees choose?
27:54 – Have you always had the philosophy that the security training you do at work should become personal?
29:21 – What are three things you would tell someone beginning in the field to focus on?
32:51 – Taking the time to grow
34:49 – What do you do to help combat burn out? How about promoting self-care?
37:31 – What lacks the most sometimes in an organization is communication
37:43 – Who in this industry do you respect the most?
40:13 – Book Recommendations
43:55 – What got you so heavily into history?
44:38 – Finding Bernie on the internet:
47:04 – Outro
Thanks to Bernie
Direct download: Ep._152_-_Security_Awareness_Series_-_Sharing_With_Your_Frenemies_with_Bernie_Acre.mp3
Category:Security Awareness -- posted at: 2:00am EDT
Mon, 9 August 2021
In this episode, we are joined by Michael Roderick. Michael is the CEO of Small Pond Enterprises which helps thoughtful givers become thought leaders by making their brands referable, their messaging memorable, and their ideas unforgettable. He is also the host of the podcast Access to Anyone which shows how you can get to know anyone you want in business and in life using time-tested relationship-building principles. Michael's unique methodology comes from his own experience of going from being a High School English teacher to a Broadway Producer in under two years.
August 9, 2021
00:00 – Intro
02:08 – Intro to Michael Roderick, CEO of Small Pond Enterprises
03:20 – High school teacher – where did that come from and what were you teaching?
04:17 – You moved to New York and while teaching high school, you decided you wanted to be a producer. How did that come about?
09:49 - Was all of what you are saying a plan of yours, or you just did it and it worked out?
11:45 – You were doing something for these people with no ask in return. This makes such a psychological bond with these people. Why would you do this?
14:41 – What framework did you create out of this experience?
19:45 – You’ve got direct and indirect approach, what are the other two?
23:07 – What methods do you use to find the detail about who you are approaching for the mutually beneficial approach?
27:19 – What’s the “E”?
35:16 – Did you come up with “DIME”?
35:55 – How can an average person use the skills you talked about to cultivate a network?
39:49 – Finding Michael on the Internet:
Social Media links (not mentioned in podcast)
Twitter: https://twitter.com/MichaelRoderick
40:37 – Who is your greatest mentor?
41:37 – Favorite Books
Direct download: Ep._151_-_Human_Element_Series_-_Dropping_a_Dime_with_Michael_Roderick.mp3
Category:Human Element Series -- posted at: 2:43am EDT
Mon, 19 July 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Michael Fortune. Michael is the Security Behaviours Team Manager for British Telecom (BT) UK. Michael has been with BT for an amazing 22 years, where he is currently BT’s expert on security behavior, insider threat behavior, and social engineering, and helps guide the business around these risks. With over 160 thousand employees across the globe in his charge, Michael helps run a team of experts who support and drive security programs for the company.
July 19, 2021
00:00 – Intro
03:37 – Michael Fortune Intro
05:22 – Michael’s Path – how has your background in psychology helped with cyber and information security?
06:10 – Have you been able to use psychological principles in education?
07:27 – How do you keep education engaging for 160,000 people?
10:07 – Top down approach
12:51 – You are essentially performing an SE gig in order to get an SE gig
14:03 – What’s your rule set?
15:59 – Senior Management Buy In – people are afraid of doing that so they don’t do it. How do you approach that?
19:08 – Where is the ethical line in using social engineering to get buy-in?
21:21 – Explaining to upper management the repercussions of not doing this training
22:52 – Were your CISO and Director of Protections always on board or did you have to convince them?
25:56 – What have you learned from your hundreds of thousands of SMishing attacks under your belt?
29:18 – Advice about getting buy-in from the top down can work for any sized company
30:30 – When you talk about personalizing the sessions that you do, do you personalize to the department, or
33:05 – Following through with a good program
36:24 – The idea is to get people to do it
36:38 – What colleagues do you respect most in the industry?
39:22 – What are some action steps that corporations should start doing right now?
42:00 – Experience is everything
44:48 – You need patience, because every human being is different and complex
45:13 – Michael Fortune on the internet: Michael.2.Fortune@bt.com
Direct download: Ep._150_-_Security_Awareness_Series_-_Getting_Senior_Management_Buy-In_With_Michael_Fortune.mp3
Category:Security Awareness -- posted at: 2:00am EDT
Mon, 12 July 2021
In this episode, Chris Hadnagy is joined by Teresa Abram. Teresa is the founder of Handwriting P.I., a full-service handwriting analysis business. Teresa is not only a handwriting analyzer, but also a professional personality investigator who can spot the red flags of a dangerous personality, identify someone’s strengths, and uncover what is holding someone back. Teresa’s interest in handwriting started when she was just 14 years old and has led her to hosting her own podcast, “A Most Unusual T Party” where she uses the letter T to unlock pieces of a person’s story...which is fascinating to listen to!
July 12, 2021
00:00: Intro
03:01: Teresa Abram Intro
05:00: How did you get into this at 14 years old?
07:50: How does one practice handwriting analysis?
09:05: What is scary handwriting? Psychopath scale.
10:00: Chris’ handwriting
11:20: Can you fool handwriting analysis?
14:00: Can this be used by companies to vet potential employees?
16:05: InfoSec and Handwriting are similar. All science is accurate until it’s not.
18:35: Universal gestures
21:53: Discussion about Social-Engineer COO Ryan
24:19: Does Handwriting PI do handwriting analysis for employers? Combined with other disciplines.
26:31: Chris’ handwriting sample
27:23: Banned by Hitler as witchcraft
28:16: How long has handwriting analysis been around?
28:51: Can you analyze in different languages? How?
34:06: Methodology continued. Turning the paper over. Go to the letter “t”.
37:21: How long does handwriting analysis take to do?
38:12: What is another way you work with companies?
39:30: Wrap-up
Teresa on the internet:
Instagram: Handwriting_PI
Website: www.handwritingpi.ca
40:47: Teresa’s mentor - Sheila Lowe, President of the American Handwriting Analysis Foundation
41:54: Favorite Books:
44:00: How old is Teresa’s Daughter? And how did she like having a Mom who would read her handwriting?
46:00: Outro
Direct download: Ep._149_-_Human_Element_Series_-_Whats_In_A_T_with_Teresa_Abram.mp3
Category:Human Element Series -- posted at: 2:00am EDT
Wed, 16 June 2021
Ep. 148 - Security Awareness Series - Three Degrees of Separation from Neil Fallon with Rockie Brockway
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Rockie Brockway. Rockie is currently the Practice Lead for the Office of the CSO for TrustedSec. With over 28 years' experience in information security and business risk, Rockie specializes in Business Risk Analysis and the inherent relationships between data, assets, adversaries, and the organization’s brand value. He provides strategic and tactical advisory services to TrustedSec’s clients, assisting them in maturing their organizations’ security programs.
00:00 – Intro
Breaking Security Awareness Virtual Conference by Living Security – Chris will appear June 24
03:35 – Rockie Brockway Intro
07:25 – A little about Rockie’s background and how he got started in the industry
10:35 – Rockie's feelings on the past 29 years, from the first virus he saw vs what we see now
12:35 – Rockie was in a math rock band called Craw, Rockie played shows with CLUTCH!!!
17:15 – What should I have or learn to get a job in a company like yours?
21:52 – How do you take curious and knowledgeable people’s knowledge and bridge that gap between them and the decision makers?
23:43 – How can young people get the qualities you suggest?
25:20 – Never be afraid of failure
27:45 – How important is top-down leadership support, or what are the most important aspects of doing your job?
31:25 – Are there more or less “future thinking” proactive security concerns than there were years ago?
36:02 – What level of organizations are bringing you in for your assistance?
37:28 – Action steps for corporations to start doing now
Outro
40:42 – Colleagues you respect most in the industry
42:45 – Book recommendations
44:33 – How to contact Rockie
Direct download: Ep._148_-_Security_Awareness_Series_-_Three_Degrees_of_Separation_from_Neil_Fallon_with_Rockie_Brockway.mp3
Category:Security Awareness -- posted at: 1:19pm EDT
Mon, 14 June 2021
In this episode, Chris Hadnagy and Maxie Reynolds are joined by one of our greatest friends and mentors, Joe Navarro. After serving as an FBI agent for 25 years, Joe has become a nonverbal and behavioral expert. Since retiring, he has authored 14 books in 29 languages dealing with human behavior and body language. His book “What Every BODY Is Saying” has remained the #1 selling body-language book in the world for over 12 years. Joe’s new book “Be Exceptional” brings 40 years of his observations and research into one book.
00:00 – Intro
June 24th: Chris at Living Security 2nd annual Breaking Security Awareness (digital conference for 2021)
03:54 – Joe Navarro Intro
05:40 – Discussion on Joe’s newest book, “Be Exceptional”. Why a book about being exceptional?
08:41 – Is the writing style in the new book purposely like the others, where you compiled people’s behavior? Did you start writing with this idea, or did the book come about after you had cataloged it all?
13:16 – What is the difference between excellence and perfection?
15:13 – “Whoever provides the most psychological comfort is going to be the soonest winner”
16:23 – Excellence is about experience and the journey
18:34 – How does someone get to the place where they have mastery over their emotions?
22:50 – How do you get people to have self-awareness and humility?
24:05 – Self-Mastery
26:12 – What is the ranking of success, if it’s not “counting possessions”?
28:15 – How much of excellence is habit? Is any of excellence based on genetics?
29:18 – Thoughts on Usain Bolt and other runners achieving excellence
32:44 – Thoughts on Benjamin Franklin achieving excellence
39:42 – “Be Exceptional” comes out June 29, a bit of discussion about book release
41:02 – Wrap Up
How to contact Joe:
Joe Navarro on Twitter: @NavarroTells
42:01 – Favorite Books
The Power of Myth – Joseph Campbell
44:22 – Joe’s Mentors
Mom, Dad, Grandma
Jack Schafer
David Givens
Gerald Post – CIA
47:12 – Outro
www.social-engineer.org – newly redesigned
Direct download: Ep._147_-_Human_Element_Series_-_Becoming_Ben_Franklin_with_Joe_Navarro.mp3
Category:Human Element Series -- posted at: 1:00am EDT
Mon, 17 May 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Jason Frank. Jason has an extensive background in helping both government and Fortune 100 organizations, and has served as a course instructor for the Black Hat security conference. Jason is currently the COO at SpecterOps, where he is accountable for execution of the company. He oversees the Adversary Simulation and Detection delivery capabilities, where he helps clients to understand, detect, and respond to adversaries.
May 17, 2021
00:00 – Intro
03:05 – Podcast Guest Jason Frank Intro
03:22 – Jason at BlackHat
03:30 - SpecterOps
04:34 – How Jason got to where he is
08:50 – Curiosity and motivation born from failing at a CTF
09:50 – Adversary Simulation – why is Jason using this phrase?
12:32 – Where are we in the current security culture?
16:11 – How to get attention of stakeholders, what concepts do you put in play?
18:03 – Reactive vs. Proactive
21:56 – How can corporations prepare for and mitigate attacks?
23:39 – What are the business repercussions of not letting machines talk to each other, and only the server?
25:45 – What are the more recent attacks you’ve seen coming up that people should be looking for?
28:14 – Knowledge bombs – terminology that people can look up to recognize “low hanging fruit” they may be missing – Bloodhound
30:00 – Cycles where certain things can be exploited such as Active Directory
30:50 – What other things do companies need to be watching for
32:14 – PowerShell
33:44 – What are some action steps that corporations should start taking right now?
34:51 – Colleagues Jason respects most in the industry
36:50 – Jason's Book Recommendations
38:31 – Wrap-Up
@joemontmania on Twitter (Ryan MacDougall)
@HumanHacker on Twitter (Chris Hadnagy)
@InnocentOrg on Twitter (Innocent Lives Foundation)
Direct download: Ep._146_-_Demand_Transparency_with_a_blue_shirt_with_Jason_Frank.mp3
Category:Security Awareness -- posted at: 8:47am EDT
Mon, 10 May 2021
In this episode, Chris Hadnagy and Maxie Reynolds are joined by industry professional Jack Schafer, PhD. Dr. Schafer is a psychologist, professor, intelligence consultant, and former FBI Special Agent. Dr. Schafer spent fifteen years conducting counter-intelligence and counterterrorism investigations, and seven years as a behavioral analyst for the FBI's National Security Division's Behavioral Analysis Program.
May 10, 2021
00:00 - Intro
03:32 - Introduction to Dr. Jack Schafer, PhD.
04:54 - How Jack decided to start training people in his field after retirement
07:46 - Why is rapport building important?
11:49 - How do you stop rapport from being used against you?
13:51 - Explaining “The Truth Bias”
15:37 - Rapport works across different cultures
18:15 - The basic human need to correct other people
19:28 - Integrating the knowledge of that need into work as an FBI agent - “Brian’s Loop”
23:01 - People don’t answer yes or no, they answer Yes+, No+, I Don’t Know+
23:19 - Flattery
25:13 - Roundabout vs Direct Approach
26:45 - The “right” way is the way that works for you
29:58 - The Truth “Default Mode” and breaking the baseline
33:05 - Verbal vs. Non-Verbal Cues
36:19 - Get A Commitment
37:36 - Why does getting a commitment work on humans?
39:50 - The Lip Purse
42:40 - Wrap Up
44:45 - Jack’s Mentors
46:30 - Contact Jack
Email: jackschafer500@yahoo.com
47:06 - Outro
Direct download: Human_Element_Series_Podcast_-_145_Jack_Schafer_FINAL.mp3
Category:Human Element Series -- posted at: 1:00am EDT
Mon, 19 April 2021
In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Ashley Rose, the CEO of Living Security. Listen in as they discuss the best methods to teach cybersecurity awareness, as well as the unique advantages when using escape rooms to do so.
April 19, 2021
00:00 – Introduction
03:12 – Introduction to Ashley Rose
04:31 – Ashley’s path into cybersecurity awareness
10:59 – Developing an escape room that teaches cybersecurity
15:02 – How Living Security adapted to the pandemic
22:16 – How Ashley gets the attention of potential clients
26:00 – Why “adaptive problem solving” is a vital skill
28:49 – How this training is increasing security awareness
30:47 – The industry’s unhealthy focus on compliance
34:41 – The science that went into developing the training
36:49 – How training can be individualized to increase effectiveness
41:42 – Ashley's contact info
42:28 – Ashley's most respected colleagues
44:40 – Ashley’s action steps that corporations should start doing right now
49:06 – Ashley's book recommendations
50:13 – Outro
Direct download: Ep._144_-_Adaptive_Problem_Solving_with_Ashley_Rose.mp3
Category:Human Element Series -- posted at: 1:00am EDT
Mon, 12 April 2021
In this episode of the Social-Engineer podcast, Chris Hadnagy and Maxie Reynolds are joined by Dr. Ida Ngambeki, an Assistant Professor of Computer and Information Technology at Purdue University. Listen in as they discuss the importance of empathy and the best ways to teach social engineering.
April 12, 2021
00:00 – Intro
03:25 – Introduction to Dr. Ida Ngambeki
04:20 – How Ida got into social engineering
08:45 – Teaching the next generation of social engineers
11:30 – Teaching the distinct aspects of social engineering
17:05 – The difference between a pentester and a malicious actor
19:01 – The importance of bias and assumptions
20:36 – Ida’s unconventional path to social engineering expertise
24:42 – The importance of empathy in security education
27:50 – The three aspects of empathy
30:04 – Diversity in the information security industry
34:22 – Chris getting held at gunpoint
39:50 – The problem with fear-based pretexts
42:32 - Ida’s industry mentors: Donna Riley, Demitra Evangelou, Melisa Dark, Alejandrah Magana, William Gratiano, Mark Rogers
45:14 – Ida's book recommendations
47:59 – Ida's contact info
49:23 – Maxie's book
51:02 - Outro
Direct download: NEW_Ep._143-_Empathetic_Hugs_with_Ida_Ngambeki.mp3
Category:Human Element Series -- posted at: 1:00am EDT |
Mon, 15 March 2021
In this episode of the SECurity Awareness Series of the SEPodcast, Chris Hadnagy and Ryan MacDougall are joined by Brian Phillips, who is responsible for information security at Macy’s. Listen as they discuss how to build an information security organization, hire the right people, and get buy-in from executives.
March 15, 2021
00:09 – Intro
01:54 – Introduction to Brian Phillips
02:44 – Security in a retail environment and impacts from the pandemic
07:25 - How to build an information security organization from the ground up
10:14 – Changing an organization's mindset for better security
14:20 – The most desirable quality in a team member, and how to recognize it in an interview
18:21 – How to nurture an outsider into a security professional
22:48 - How to align corporate security initiatives with business goals
26:38 – The importance of buy-in from the C-level down, and how to get it
38:13 – Key takeaways that corporations should start doing now
40:17 – Brian’s most respected colleagues
42:14 – Brian's book recommendations: Robin Dreeke's books; Joe Navarro’s books
44:03 – Conclusion
Direct download: Ep._142__You_Can_Be_Right_and_Still_Be_Wrong_with_Brian_Phillips.mp3
Category:Security Awareness -- posted at: 2:09am EDT |
Mon, 8 March 2021
In this episode, Chris Hadnagy and Maxie Reynolds are joined by ex-FBI Spy Catcher and now world-renowned Trust and Rapport expert, Robin Dreeke. Listen in as they discuss the importance of mentoring, TRUST and relationship building.
March 8, 2021
00:09 – Intro
01:43 – Introduction to Robin Dreeke
03:35 – The importance of mentoring
09:37 – The levels of mentoring
11:05 – How to find a mentor
14:18 – How to choose a mentee
18:49 – Building genuine relationships and partnerships
21:11 – Teaching transparency
23:29 – Bringing value to a relationship and exercising transparency
25:45 – Try to understand the reasons behind a person’s actions
33:13 – Figure out what kind of feedback a person needs
36:20 – Making empathy a habit
38:01 – When emotionally hijacked, utilize tactical empathy
41:17 – Is it better to confront or adapt to miscommunication?
47:08 – Robin's current projects and info
Human Hacking Conference: https://www.humanhackingconference.com/trainers/robin-dreeke/
51:51 – Robin's most respected colleagues
52:55 – Robin's book recommendations
56:17 - Outro
Direct download: Ep._141_-_Do_You_Want_to_be_Mentored_with_Robin_Dreeke.mp3
Category:Human Element Series -- posted at: 1:00am EDT |
Mon, 15 February 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional, Julie Rinehart. Julie has spent the last 10 years building and enhancing Fortune 500 enterprise Security Awareness programs. Listen as they discuss using empathy to improve security awareness and the flaws in the “stupid user” philosophy.
00:10 – Intro
01:56 – Introduction to Julie Rinehart
02:28 – How Julie got into the industry
06:21 – Dismantling the “stupid user” philosophy
07:53 – How to interview your employer
10:34 – The biggest milestones in Julie’s career
14:31 – How you can encourage users to report the phish they clicked on
19:22 – What we can learn from “people who try to do the right thing and then mess up”
25:25 – The benefits of making security personal
28:34 – Julie's biggest challenges in the industry
30:28 – Increase security awareness using gamification
35:13 – Julie's mentors and most respected colleagues
38:54 - Julie’s podcast recommendations
43:52 – Outro
Direct download: Ep._140__Empathetic_Security_with_Julie_Rinehart.mp3
Category:Security Awareness -- posted at: 1:00am EDT |
Mon, 8 February 2021
In this episode, Chris Hadnagy and Maxie Reynolds are joined by writer, speaker, business owner, and hype artist, Michael F. Schein. Michael shares the social engineering tactics he was able to learn from cult leaders and mischief makers. Find out how these often-manipulative tactics can be used for good.
Feb 8, 2021
00:09 – Introduction
01:44 – Introduction to Michael F. Schein
02:30 – How Michael figured out that we can learn from cult leaders and mischief makers
10:38 - Influence through disruption
11:44 – Make war not love
13:21 – Basecamp: Simplicity by hating complexity
16:21 – Building hype requires confidence
18:15 – Focus on what you want to be known for
26:06 – Create a secret society
30:27 – How Michael socially engineered himself onto the podcast
35:34 – The positive side of hype
37:43 – Chris, Maxie and Michael's favorite music
43:03 – Michael's most respected colleague: Michael Roderick
44:21 – Michael's book recommendations
47:10 – Michael's contact info
48:39 – Outro
Direct download: Ep._139_-_Dont_Believe_This_Podcast_with_Michael_F._Schein.mp3
Category:Human Element Series -- posted at: 1:00am EDT |
Mon, 18 January 2021
In this episode, Chris Hadnagy and Ryan MacDougall are joined by industry professional Marcus Sailler to discuss his experience as the red team information security manager at Capital Group. Marcus shares some great tips on creating a successful security team and how you can prevent it from becoming the "No Police". They also go over the recent changes in the industry, including how big hacks have increased security awareness in the general public.
00:09 – Introduction to the new Security Awareness Series
01:28 – Introduction to Ryan MacDougall
02:32 – Introduction to Marcus Sailler
04:20 – How Marcus got into information security
06:08 – Recent changes in the infosec industry: How a big hack increases security awareness
12:09 – How a red team and security awareness team can collaborate to enhance security
14:25 – Introduction to Capital Group
16:17 – Coming up with relevant attacks for a global company
18:08 – How a security team can avoid becoming the “No Police”
21:39 – Why it’s better to build a blue team first
22:24 – The importance of attitude and ego for a red teamer
25:04 – How a red team benefits from partnership
26:53 – Emulate the bad guy, but remember to be good
29:18 – Steps corporations should implement now
30:58 – Some of Marcus’ most respected industry professionals
34:47 – Marcus' book recommendations
39:18 – Marcus' contact info
14:38 – Outro
Direct download: Ep._138__Security_With_Marcus_Sailer_of_Capital_Group.mp3
Category:Security Awareness -- posted at: 1:00am EDT |
Mon, 11 January 2021
In this special episode, Chris Hadnagy joins Maxie Reynolds to talk about the amazing stories and useful lessons contained in Chris’s new book: “Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You”. Listen as Chris delves into the process of making “Human Hacking” and shares the awesome story behind its inception. Maxie and Chris also discuss the importance of empathy, especially when it comes to hacking humans. Chris is a global security expert and master hacker. He is the founder and CEO of Social-Engineer, LLC, the creator of the popular Social Engineer Podcast, website, and newsletter, and designed “Advanced Practical Social Engineering,” the first hands-on social engineering training course and certification for law enforcement, military, and private sector professionals.
00:09 – Introduction to Maxie Reynolds
02:13 – Introduction to Christopher Hadnagy’s brand-new book: “Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You”
02:51 – Human-hacking is a skill that can be used in everyday life by everyday people
04:19 – What it means to “Leave Them Better Off for Having Met You”
05:50 – “The martial art of the mind” and how a malicious person could use it for harm
07:39 – Empathy and why it is so important when hacking humans
09:21 – Showing empathy while amygdala hijacked
11:40 – Empathy is more than just putting yourself in someone else’s shoes
14:15 – Empathy is often hierarchical
16:33 – The power of “I’m sorry”
18:02 – Why understanding the meaning behind someone’s actions is so important
21:48 – Accuracy of the stories told in the book
24:15 – The process of co-authoring the book with Seth Schulman
26:43 – The amazing story of how the book came to be
31:16 – How to fight the isolation and social awkwardness brought by technology and, more recently, COVID-19
34:46 – Giving your feedback on the book
36:20 – A distillation of the “Advanced Practical Social Engineering” course, made applicable to everyone
40:50 – Socially engineering the world’s best rock band
43:51 - “Quick Fire Questions”:
44:04 – Chris's favorite story in the book
45:04 – Is there a stage in child development where less empathy is shown?
46:10 – Would the new book have helped teenage Chris?
48:01 – Is it nicer to feel empathy yourself or receive it from someone else?
49:49 – Balance is required when teaching empathy
51:19 – How we can all better our communities by learning to “Win Friends, Influence People, and Leave Them Better Off for Having Met You”
53:35 – Chris's book recommendations
54:56 – Outro
Direct download: Ep._137__Human_Hacking_With_Chris_Hadnagy.mp3
Category:Human Element Series -- posted at: 1:00am EDT |