The art of hacking people.
June 15-16, 2017
Susan Sons, firstname.lastname@example.org
What is it?
From Wikipedia: Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme.
Susan's definition: Social engineering is the practice of using applied psychology to shape others' behavior outside a controlled (lab, clinic, etc.) setting.
Thinking Like a
Social Engineering needn't be cynical.
- Talking your way out of a fight.
- Keeping disaster survivors calm and sane.
- Talking down a hostage situation.
- Getting things done under an incompetent supervisor, without making him or her feel like you are a threat.
- Making sure everyone leaves a negotiation satisfied with the results.
- De-escalating an argument.
Life is a game in which the one with the best questions wins.
What's the goal here?
What's the lesson?
What's the best use of my time?
Who has access?
What do they want?
What have I learned?
What do they expect?
Assumptions and accustomed patterns
Using and Sharing This Work:
"Social Engineering: the art of hacking people" by Susan Sons is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Please credit Susan Sons and the IU Center for Applied Cybersecurity Research when using this presentation.
Permissions beyond the scope of this license may be available; send inquiries to email@example.com.
The most current version of this presentation is available from