Governance & Risk Management , Next-Generation Technologies & Secure Development , Video

Top Tips for Combating - and Recruiting - Social Engineers

Alethe Denis of Bishop Fox on Social Engineering and Red Teaming
Alethe Denis, senior security consultant, Bishop Fox

Social engineering is typically used to trick human beings to gain unauthorized access to computer networks and steal personal information, financial data or intellectual property. It is now becoming popular as a career option for ethical hackers.

See Also: Expel: Firms Still Threatened by Old Vulnerabilities

Building "social engineering skills" and using them to conduct red team engagement are essential to simulate attacks and help secure access to clients' networks, said Alethe Denis, senior security consultant at Bishop Fox and winner of DEF CON Black Badge at DEF CON 27.

"It's not just to do better security awareness training. It's about putting technical controls and processes in place that will prevent people who have a lapse in judgment or a bad day or are not as great at identifying when they're being manipulated or targeted by a social engineering attack," Denis said. "Zeroing in on where we're most vulnerable in our organization through testing and training and then trying to patch any remaining gaps allow organizations to prevent people who make a mistake from being able to complete the next step."

In this video interview with Information Security Media Group at RSA Conference 2023, Denis also discusses:

  • Bolstering security by running security awareness training programs;
  • The common security issues to look for while conducting security assessments;
  • Advice to people who want to consider ethical social engineering as a career path.

Denis has expertise in social engineering, open-source intelligence and performing security assessments and training for both the private and public sectors, with an emphasis on critical infrastructure organizations. She's a frequent conference speaker and podcast guest and has spoken at DerbyCon and ConINT.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing devicesecurity.io, you agree to our use of cookies.