In the context of information security, social engineering is a practice that can help hackers to acquire personal information, insights, and access. Social engineering techniques can also be used by hackers and non-hackers alike to become more skilled at observing the people around them and making informed decisions that are based on these observations. In this session, you will learn how to take a social engineering approach towards improving your team dynamics, including:
- Strategies for assessing your team’s current strengths and areas of improvement.
- Recommendations for developing an action plan to initiate change, and using ongoing observation techniques to effectively manage change.
- Best practices for resolving conflict, particularly for team members with different communication styles.
2. #AbstractionsCon @oliravi
About Me
● Senior Cloud Training Specialist at Cloudbakers
● Background in cultural anthropology and change management
● Certified Ethical Hacker
3. #AbstractionsCon @oliravi
Agenda
● Assessing your team’s current strengths and areas of improvement
● Developing an action plan to initiate change
● Using ongoing observation techniques to effectively manage change
● Resolving conflict, particularly for team members with different
communication styles
4. #AbstractionsCon @oliravi
What is Social Engineering?
“...any act that influences a person to take an action that
may or may not be in their best interest.”
- Security Through Education
5. #AbstractionsCon @oliravi
“The goal of the social engineer is to get you to make a
decision without thinking.
The more you think, the more likely you are to realize you
are being manipulated, which of course is bad for the
attacker.”
- Christopher Hadnagy, Social Engineering: The Art of Human Hacking
16. #AbstractionsCon @oliravi
“Ethnography is the work of describing a culture. The
central aim of ethnography is to understand another way of
life from the native point of view. [...]
Rather than studying people, ethnography means
learning from people.”
- James P. Spradley, Participant Observation
18. #AbstractionsCon @oliravi
Describe your team.
● Permanent or temporary
● How long has the team been together?
● Existing communication channels
● Range of technical skills
19. #AbstractionsCon @oliravi
Describe your team.
● Which members tend to speak most often in meetings?
● Which members prefer to share their ideas through other
communication channels?
● Which members struggle with time management?
20. #AbstractionsCon @oliravi
Describe your team.
● How do members interact with other when not in meetings or
project settings?
● How frequently do more senior members pair together with
more junior members?
● To what extent do team members use “we” vs. “I” when referring
to team initiatives and outcomes?
24. #AbstractionsCon @oliravi
“As a social engineer, remember that you don’t need to
immediately go for the exact flags you need.
Get some minor ones to help build those feelings that will
lead the person to concede and comply.”
- Christopher Hadnagy, Social Engineering: The Art of Human Hacking
25. #AbstractionsCon @oliravi
Hotel Example: Goals
● Good: Any personal information that they can provide
○ Phone number
○ Email address
○ Type of credit card that was used to reserve the room
● Better: Room number
● Best: Keycard to access the room
26. #AbstractionsCon @oliravi
Team Example: Goals
● Good: More juniors asking for help from their senior colleagues
● Better: Lunch and Learn sessions to share knowledge and build
skills
● Best: A formal mentorship program to pair junior and senior team
members together
31. #AbstractionsCon @oliravi
Prosci: ADKAR Model for Change Management
Awareness of the need for change
Desire to support the change
Knowledge of how to change
Ability to demonstrate skills and behaviors
Reinforcement to make the change stick
32. #AbstractionsCon @oliravi
Hotel Example: What do they value?
● Helping the guest to have a smooth and positive interaction
● Helping someone in distress to have a better day
● Depending on the agent:
○ Being able to quickly move onto the next guest in line - OR -
○ Spending more time making a meaningful connection with the guest
33. Resolve conflict by offering a
solution and value that are based
on your observations.
38. #AbstractionsCon @oliravi
Team Example: What do they value?
Having an efficient and
methodical workflow
Learning new skills that
could lead to a promotion
Dwight Jim
41. #AbstractionsCon @oliravi
Summary
● Observe your team from an outside perspective.
● When developing an action plan, begin with quick wins.
● Observe how and why team members are responding to change.
● Resolve conflict by offering a solution and value that are based
on your observations.
42. #AbstractionsCon @oliravi
Additional Resources
● Christopher Hadnagy - Social Engineering: The Art of
Human Hacking
● Kevin Mitnick - The Art of Deception: Controlling the
Human Element of Security
● James P. Spradley - Participant Observation
43. #AbstractionsCon @oliravi
Additional Resources
● Kim Christfort and Suzanne Vickberg - Business
Chemistry: Practical Magic for Crafting Work
Relationships
● Robert A. Rohm - Positive Personality Profiles
● Prosci: ADKAR Model for Change Management