Many presentations focus on the surprising results of social engineering assessments from an offensive perspective, but discussions entirely centered around defensive strategies occur less often. This presentation will cover the key steps for preparing for a social engineering assessment, whether contracting a firm or conducting it internally. The discussion will include defining the scope and objectives to ensure a focused assessment, addressing critical legal and ethical considerations to ensure compliance, and preparing your team with essential training to recognize social engineering tactics. The presentation will also emphasize the importance of establishing clear communication protocols for smooth coordination and highlight the need for a response plan to effectively manage any findings and vulnerabilities uncovered during the assessment. Above all, when conducting a social engineering assessment, it is crucial not merely to "teach to the test" but to embed proactive defensive measures into your organization's culture permanently. This approach ensures that security awareness and vigilance become a fundamental part of everyday operations, fostering a resilient and security-conscious environment that goes beyond the assessment period.
Peter Fellini is AVP of Cybersecurity with Compass Cyber Guard. Peter has over 20 years of experience in a variety of IT Security fields such as Ethical Hacking, Social Engineering, and Auditing. He has a Master of Science in Education as well as industry certifications including Certified Information Systems Security Professional (CISSP), Social Engineering Pentest Professional (SEPP), Offensive Security Wireless Professional (OSWP), and PCI Professional (PCIP). Peter has competed multiple times at DefCon's Social Engineering Village in the SECTF challenge. He is also attending school part-time at Johnson & Wales University to become a professional craft beer brewer.
Patrick Laverty is a seasoned Cybersecurity Professional currently with Compass Cyber Guard. Renowned for his expertise in penetration testing and certified social engineering, Patrick has a distinguished career that includes roles such as Senior Team Lead at Social-Engineer, LLC and Senior Security Consultant at Rapid7. He is also the founder of the Layer8 Conference and podcast, dedicated to educating the public on social engineering and OSINT (Open Source Intelligence) topics.
Topic: Embedding Security: Preparing for a Social Engineering Assessment
Time: Sep 12, 2024 01:00 PM Eastern Time (US and Canada)