What do an ASL interpreter, web developer, professional actor, billing coordinator, and a call center employee all have in common? I promise this isn’t the beginning to a terrible joke. The bridge that links us is our current jobs; we are all now professional social engineers (SE). How did our paths converge? Join me as we take a peek into a professional social engineering team! We will ask them two questions each. Namely:
- How did you end up in the field?
- Why did you decide to make it your career?
My Entry into the World of Social Engineering
To start, let me introduce you to my beginning in the field. I had been interpreting American Sign Language in K-12 schools and absolutely loved my job. I had heard about Social-Engineer, LLC from someone who had taken their Advanced Practical Social Engineering (APSE) class. For those of you who aren’t familiar with this class, it dives into rapport-building techniques, the science behind body language, and more. As someone that grew up obsessed with “Lie to Me,” I was immediately interested.
At the end of the school year, I was looking for a temporary job, and heard that Social-Engineer, LLC was hiring. I applied, interviewed, and was offered the job. Over the next couple of months, I fell in love with it so much that I decided to change my career path. The overlap with my interest in body language and communication made it a great fit for me. I also conquered my distaste of making phone calls… which is good, because a main part of my job now is vishing.
This combination of what I already loved and the new experiences I was having outside of my comfort zone makes this one of the most interesting jobs I’ve ever had. Plus, getting paid to legally break into buildings is pretty cool… even when it means jumping in the trash. Let’s see what my team members said when I asked them the above questions.
A Web Developer: Patrick
How did you end up in the field?
My first introduction to social engineering was via two books. Back in the mid-90s, I read Takedown, and my next exposure was through Chris Hadnagy’s book, Social Engineering: the Art of Human Hacking. I was working for a local university, had some interest in information security, and my manager at the time had the book. He handed it to me and said “You might like this.” From that point, I started learning more about social engineering. The first time I actually got to do it, I was a contractor and tasked with calling 50 people at a company and trying to get passwords from them. By directing them to a website, I had a 64% success rate and was hooked.
Why did you decide to make it your career?
I understand the risk that so many companies face with social engineering. Our employees want to be polite and helpful, and that is exactly what social engineers look to exploit. We need more understanding of how to defend and protect ourselves against these attacks, so in 2018 I created a conference to focus on discussion of these topics and help with awareness.
I stay in this field because we’re only at the beginning of this threat. We’re going to see it grow even bigger each year, in spite of the fact that social engineering has existed for centuries. Remember the Trojan horse? That was social engineering. I want to continue to help people better understand these types of attacks and help them to politely protect their company, themselves and their family against social engineering attacks. It makes me happy to see someone do the right things and defend against me, knowing they’ll do the right thing when it’s an actual malicious attack.
A Professional Actor: Curt
How did you end up in the field?
In 2019 I was retired from acting for about 9 years and was talking to a friend on my drive home from a job I loathed (it had a 2-hour commute on a good day). This friend was in the social engineering field, and we were talking about a speech he had given recently. I watched it but still didn’t know exactly what social engineering was. As he explained what his company did, I thought “Man, I need to do that.” Before then, I had no idea that this was even a career that existed. From there I interviewed with Social-Engineer, LLC, and started on the vishing team!
Why did you decide to make it your career?
I have always enjoyed the endorphin rush from getting people to trust me with information, or when they allow me in to “behind the scenes” places where most people don’t get to go. I realized that a lot of the techniques professional social engineers use were ones I used naturally. Because of that, it didn’t make me nervous. This job allows me to hone those skills and get that endorphin rush in a way that doesn’t make the world a worse place. In fact, it makes it a little safer.
A Billing Coordinator: Rosa
How did you end up in the field?
Several years ago, I met Chris Hadnagy through mutual friends. He would tell us about what he did for a living and I found it fascinating. At the time, I had a comfortable but unfulfilling accounting job at a hotel. I recall listening to Chris’ podcast at work; I always had a love for psychology, so learning how there were so many psychological principles used in social engineering made my interest in the field grow. The spring of 2020 was a turning point for me as I was laid off due to the lack of business at the hotel. After contacting Chris, I interviewed at Social-Engineer, LLC, and accepted a position as a professional visher. That is how I started my career in social engineering.
Why do you stay?
Initially, I was not sure if I would enjoy making non-stop vishing calls for an extended period of time. However, I was pleasantly surprised at the variety of projects that I was able to work on. Not all vishing calls are the same. Depending on the client, we have different pretexts and different objectives which keep the calls interesting. I also have an amazing team of colleagues that support and learn from each other constantly.
In addition, we have been able to work on OSINT and SERA projects which are remarkably diverse and interesting. Our team also contributes to our websites’ content by writing different articles, which I really enjoy. To top it off, I have the privilege of being a co-trainer for our top-of-the-line class, APSE. Needless to say, there’s a lot of variety in my work. It gives me a sense of satisfaction to know that I’m helping individuals and corporations to be more secure.
A Call Center Employee: Josten
How did you end up in the field?
Honestly, I didn’t have the most experience starting off. However, I do enjoy talking to people. One of my previous jobs was at a call center for a collection agency. The job relied a lot on influencing and persuading, but I didn’t feel like I was really helping the people I talked to. I mentioned this to a friend, and he said I would be a perfect fit for a job opening at the company he works for. I decided to interview, and the rest is history!
Why did you decide to make it your career?
I’ve always been fascinated by human behavior; observing what makes people tick and how everyone operates on a psychological level. I knew right after I started working here that it was the field for me. In such a short time, I’ve learned a lot about cognitive biases, nonverbals, and so much more. There’s always something new to learn or a skill that can be improved in the work we do when talking to people. It challenges me constantly, but in a good way. They are also skills we take with us outside of work, and they have helped improve the relationships I build in everyday life. I especially enjoy it because all the while I know it’s for the good of those we reach. We’re helping them for when the bad guys do come around and don’t hold back.
Leave Them Safer
Despite our various backgrounds and ways we were introduced to the field, there are a few constants. Each of us loves the new skills we are learning, and this industry constantly pushes us to grow. Additionally, it gives us a sense of satisfaction knowing that we are helping not only companies, but individuals, become more secure. This really hits home for us when we talk to someone that reminds us of one of our loved ones. There’s nothing better than knowing that we are leaving them safer than before we met them.
Written by: Shelby Dacko
Sources:
https://www.social-engineer.com/training-courses/advanced-practical-social-engineering-training/
https://www.social-engineer.com/services/vishing-service/
https://www.social-engineer.com/my-first-pen-testing-onsite-social-engineering-engagement/
https://www.social-engineer.org/newsletter/acting-skills-helped-me-become-a-vishing-professional/
https://www.goodreads.com/book/show/18161.Takedown
https://www.amazon.com/Social-Engineering-Art-Human-Hacking/dp/0470639539
https://layer8conference.com/
Images:
https://www.lynnjackson.com/wp-content/uploads/2021/02/B051-remote-working-coronavirus-technology-scaled-1.jpg
https://media.istockphoto.com/photos/thats-definitely-put-a-smile-on-my-face-picture-id1144585596?k=20&m=1144585596&s=612×612&w=0&h=pw5nN1d1lnnGT94Re5dFgmEBUSZL53_EzWbi6myesWA=