Emotional Intelligence and Human Hacking
Penetration Testing & Emotional Intelligence
This was a presentation I gave remotely at the BHIS event AwarenessCon, inspired by the friction that arose in Iowa when two penetration testers were taken into custody because of work performed during an engagement. In this talk, I speak about the importance of being mindful of how clients will feel about their security being breached and what important questions we must ask ourselves in advance of such jobs.
This entry on my site is cross-posted over in the lockpicking and physical entry section because there is plenty of content demonstrating the kinds of attacks that my team and I use to gain access to secured spaces, but it appears here because the main thrust of things was to highlight the emotional and relationship management components to the job that we do for customers.
Soft Skills - The Key to Hacking Your Career
Prominent and very wise individuals in INFOSEC have published blog posts and offered wisdom to those who seek to enter our industry. One of the best sides of our community is on display when venerable types extend a hand to the next generation. These amazing articles and collections of links and training resources can help guide many hopefuls on the path toward knowledge and perhaps their first of many rewarding jobs. However, what if you aren’t just focusing on your first new job, but instead you want to take a broader view and help plot out your entire career? What if you don’t simply want to work for an INFOSEC business but instead you aim to run your own company? I have started and currently own several successful security firms… and I believe there are some very specific points and considerations that don’t get brought up in the discussion. With the hope of saving countless new employees from failure and many new businesses from bankruptcy, in this presentation I discuss the key element that many people fail to bring to the table when starting a security career… and the secret to the success of so many INFOSEC individuals who came before us.
The Silver Tongue vs the Iron Fist
Physical security operations are meant to keep your people and your facility safe. And while you've heard me discuss the myriad ways that my team and I get through mechanical and electronic access control systems... often it's the human element that is weakest. And it also is the most overlooked. But this is not a social engineering talk. Nor is this a talk about how to make your employees and executives more aware about phishing and tailgating.
No... this is a much more hard-hitting talk about physical security on the front lines.
Whether guards, goons, or general volunteers... your staff who interact with the public are the first line of defense against those who would cause trouble and disrupt your affairs. But do your people have the skills to contain disturbances calmly and professionally? Or are some on your team inadvertently making incidents worse because they lack training in certain key disciplines?
I share what I've learned through decades of work as a guard, a counselor, and a professional ruffian bent on getting past defenses. Often, it's not bluster and displays of authority that are the best medicine when folk step out of line... rather, it tends to be individuals with the best people skills and training in crisis management who come to the rescue time and time again.