Top Tips for Combating - and Recruiting - Social Engineers
Alethe Denis of Bishop Fox on Social Engineering and Red Teaming
Social engineering is typically used to trick human beings to gain unauthorized access to computer networks and steal personal information, financial data or intellectual property. It is now becoming popular as a career option for ethical hackers.
Building "social engineering skills" and using them to conduct red team engagements are essential to simulate attacks and help secure access to clients' networks, said Alethe Denis, senior security consultant at Bishop Fox and winner of a DEF CON Black Badge at DEF CON 27.
"It's not just to do better security awareness training. It's about putting technical controls and processes in place that will prevent people who have a lapse in judgment or a bad day or are not as great at identifying when they're being manipulated or targeted by a social engineering attack," Denis said. "Zeroing in on where we're most vulnerable in our organization through testing and training and then trying to patch any remaining gaps allows organizations to prevent people who make a mistake from being able to complete the next step."
In this video interview with Information Security Media Group at RSA Conference 2023, Denis also discusses:
- Bolstering security by running security awareness training programs;
- The common security issues to look for while conducting security assessments;
- Advice to people who want to consider ethical social engineering as a career path.
Denis has expertise in social engineering, open-source intelligence and performing security assessments and training for both the private and public sectors, with an emphasis on critical infrastructure organizations. She's a frequent conference speaker and podcast guest and has spoken at DerbyCon and ConINT.