In the context of information security, social engineering is a practice that can help hackers to acquire personal information, insights, and access. Social engineering techniques can also be used by hackers and non-hackers alike to become more skilled at observing the people around them and making informed decisions that are based on these observations. In this session, you will learn how to take a social engineering approach towards improving your team dynamics, including:
- Strategies for assessing your team’s current strengths and areas of improvement.
- Recommendations for developing an action plan to initiate change, and using ongoing observation techniques to effectively manage change.
- Best practices for resolving conflict, particularly for team members with different communication styles.
2. #TechoramaNL @oliravi
Agenda
● Assessing your team’s current strengths and areas of improvement
● Developing an action plan to initiate change
● Using ongoing observation techniques to effectively manage change
● Resolving conflict, particularly for team members with different
communication styles
3. #TechoramaNL @oliravi
What is Social Engineering?
“...any act that influences a person to take an action that
may or may not be in their best interest.”
- Security Through Education
4. #TechoramaNL @oliravi
“The goal of the social engineer is to get you to make a
decision without thinking.
The more you think, the more likely you are to realize you
are being manipulated, which of course is bad for the
attacker.”
- Christopher Hadnagy, Social Engineering: The Art of Human Hacking
15. #TechoramaNL @oliravi
“Ethnography is the work of describing a culture. The
central aim of ethnography is to understand another way of
life from the native point of view. [...]
Rather than studying people, ethnography means
learning from people.”
- James P. Spradley, Participant Observation
17. #TechoramaNL @oliravi
Describe your team.
● Range of technical skills
● How long has the team been together?
● Which members tend to speak most often in meetings?
18. #TechoramaNL @oliravi
Describe your team.
● Which members prefer to share their ideas through
other communication channels?
● How frequently do more senior members pair together
with more junior members?
● How do members interact with each other outside of
meetings or project settings?
22. #TechoramaNL @oliravi
“As a social engineer, remember that you don’t need to
immediately go for the exact flags you need.
Get some minor ones to help build those feelings that will
lead the person to concede and comply.”
- Christopher Hadnagy, Social Engineering: The Art of Human Hacking
24. #TechoramaNL @oliravi
Hotel Example
● Good: Any personal information that they can provide
○ Phone number
○ Email address
○ Type of credit card that was used to reserve the room
● Better: Room number
● Best: Keycard to access the room
25. #TechoramaNL @oliravi
Team Example
● Good: More juniors asking for help from their senior colleagues
● Better: Lunch and Learn sessions to share knowledge and build
skills
● Best: A formal mentorship program to pair junior and senior team
members together
30. #TechoramaNL @oliravi
Prosci: ADKAR Model for Change Management
Awareness of the need for change
Desire to support the change
Knowledge of how to change
Ability to demonstrate skills and behaviors
Reinforcement to make the change stick
31. #TechoramaNL @oliravi
Hotel Example: What do they value?
● Helping the guest to have a smooth and positive interaction
● Helping someone in distress to have a better day
● Depending on the agent:
○ Being able to quickly move onto the next guest in line - OR -
○ Spending more time making a meaningful connection with the guest
32. Resolve conflict by offering a
solution and value that are based
on your observations.
35. #TechoramaNL @oliravi
Dwight
“I have to ask our manager if
it’s okay for me to help you.”
Jim
“Before I can help you, we
need to fix Jira first.”
�
37. #TechoramaNL @oliravi
Team Example: What do they value?
Having an efficient and
methodical workflow
Learning new skills that
could lead to a promotion
Dwight Jim
40. #TechoramaNL @oliravi
Summary
● Observe your team from an outside perspective.
● When developing an action plan, begin with quick wins.
● Observe how and why team members are responding to change.
● Resolve conflict by offering a solution and value that are based
on your observations.
41. #TechoramaNL @oliravi
Additional Resources
● Christopher Hadnagy - Social Engineering: The Art of
Human Hacking
● Kevin Mitnick - The Art of Deception: Controlling the
Human Element of Security
● James P. Spradley - Participant Observation
42. #TechoramaNL @oliravi
Additional Resources
● Kim Christfort and Suzanne Vickberg -
Business Chemistry: Practical Magic for Crafting Work
Relationships
● Robert A. Rohm - Positive Personality Profiles
● Prosci: ADKAR Model for Change Management