You can have the best technical security controls in the world, from the most expensive firewall to the most sophisticated biometric access control, but they will not protect you from social engineering attacks.
This is the first time the Social Engineering Engagement Framework (SEEF) author offers an in-person public workshop. Normally the workshops and briefings are closed-group private enterprise or Government only workshops. Profit from first-hand knowledge and experience of a social engineering and information security professional with 20 years of experience, Dominique C. Brack.
What you will learn:
- This course will provide you with the skills to detect, defend and assess social engineering attacks and the associated risk.
- Tools and techniques to plan, execute and manage social engineering engagements.
- You will learn the motivations and methods used by social engineers enabling you to better protect yourself and your organization.
- What can and will be used against you, your employees and your organization.
- You will learn how some of the most elegant social engineering attacks take place.
- Learn to perform these scenarios and what is done during each step of the attack.
This is not a technical course; no technical prerequisites are required. Some tools might be used in the course for achieving a purpose but there is no programming skills necessary.
Social Engineering is an area filled with ethical challenges, risks, and legal landmines and the instructor will do his best to share his experiences in this course. So participants can reap the benefits of his experiences without falling into the pitfalls he had over the years.
1. Social Engineering Economy – Introduction to Social Engineering
• Assessing social engineering threats
• The evolution of social engineering
• Thinking like a social engineer
• Why social engineering works? The principles on which social engineering is based
• The legal and ethical aspects of social engineering
2. The Social Engineering Engagement Framework (SEEF) – Advanced Techniques and Methods Social engineering engagement management – how to execute SE engagements/ tests
• Governance, Risk, and Compliance including “++”
• Approach Selection Method (ASM) – selecting the most effective and efficient approach
• Attack Vector Development (AVD) – developing the most effective attack vectors
• The psychology of social engineering – interpersonal distance, zones of approach, rapport building etc.
3. Social Engineering Prevention and Defence
• Identify countermeasures against social engineering attacks
• Phishing attacks – is it worth to run phishing exercises?
• Defend against social engineering deceptions that threaten organizational security
• Plan and evaluate security assessments
• Promote vigilance and implement procedures to defeat deceptions
4. Exercises and practical application – Tools used by Social Engineers
• Identifying interview techniques that elicit private information
• Leveraging authority as a manipulation tool
• Conducting information collection: i.e. dumpster dive to gather intelligence
• Gathering Information and Intelligence Identifying information sources
• OSINT tools
Professionals, Organizations, and Governments. Individuals who have a professional interest in social engineering. Functions or roles requiring social engineering knowledge either for active use or for building protection against social engineering attacks. CISO’s, Managers, Consultants, Developers, Hackers, Intelligence Org., Red Teams, Pentesters, Psychologists, Defence, Strategists, Tacticians, CxO’s etc.
Willing to learn and apply new things. A technical background is not necessary.
Decision-maker, penetration tester, or hacking enthusiast, this training will be an excellent addition to your professional curriculum.
Documents (forms and presentation) and the SEEF eBook will be delivered at the beginning of the workshop.
In the end, participants will receive the Certificate of Achievement by Social Engineering Engagement Framework (SEEF) signed by the Trainer (Dominique C. Brack Author SEEF).
- Dominique C. Brack is a recognized expert in information security, including identity theft, social media exposure, data breach, cybersecurity, human manipulation, and online reputation management. He is a highly qualified, top-performing professional with outstanding experience and achievements within key IT security, risk and project management roles confirming expertise in delivering innovative, customer-responsive projects and services in highly sensitive environments on an international scale. Dominique is accessible, real, professional, and provides topical, timely and cutting edge information. Dominique’s direct and to-the-point tone of voice can be counted on to capture attention, and – most importantly – inspire and empower action.
Length of the training:
The training lasts 8 hours:
- Saturday, 6.4.2019, 9.00-17.00
- Hotel Nox, Celovška cesta 469, Ljubljana