Learn From Industry Experts
We are honored to accept and host community presenters who share our desire to spread knowledge about Social Engineering, either as a presentation or as part of a panel.
Share Your Knowledge
Do you have something related to Social Engineering which you’d like to share with the community?
Submissions closed June 2, 2023.
Our 2023 Presentations
Chief People Hacker at IBM
President at Snowfenive
A Slice of Deception: The 2023 #SECVC Debrief
Join the Founders of the Social Engineering Community as they break down this year’s Vishing Competition (#SECVC). They’ll talk about how the competition is organized, and some of the big takeaways, trends, and surprises (both good and bad) from the OSINT and Vishing Plan reports. They’ll also recount some of the highlights from this year’s live calls.
About Snow: Over a decade ago, in a hotel not far away from this very location in Vegas, Snow began her career in Social Engineering. At the very beginning of her journey multiple people told her she couldn’t make a career as a dedicated Social Engineer. Through late nights of studying, practice, determination, learning from her mentor, and a lot of spite, she has made a successful career as a Social Engineer. Today, she is the Chief People Hacker for IBM Security’s X-Force Red team, where she leads the global Social Engineering practice.
About JC: JC is one of the two co-founders of the Social Engineering Community and has competed in previous Social Engineering competitions. JC also runs the Vault, a physical security competition held at SAINTCON in Utah. JC’s passion for competition as well as innovation has been an exciting avenue for him as he and Snow built the new Social Engineering Community’s Vishing Competition.
Principal Security Engineer at Red Threat
Anti-Social Engineering: Can You Be a Good Social Engineer Without Being Social
Social engineering has long been thought of as a domain for outgoing, charismatic people. However, in this talk, I will argue that introverted and socially-awkward individuals can be just as effective in social engineering as their extroverted counterparts. Drawing on my personal experience as an introverted social engineer, I will share tips and tricks for blending in, avoiding confrontation, and getting the information you need without attracting unwanted attention. Through real-world examples from my physical pentesting engagements, I will demonstrate how my “anti-social” approach has yielded results that even my more outgoing colleagues were unable to achieve. I will also dispel common misconceptions about social engineering and challenge the notion that charisma and acting skills are essential to the craft. Attendees will leave with a newfound appreciation for the power of blending in and avoiding attention, as well as practical tips for incorporating these techniques into their own social engineering engagements.
About Andrew Lemon: Lemon is the Principal Security Engineer at Red Threat where he serves as the lead over Penetration Testing and Red Teaming. His primary interests lie in physical penetration testing and social engineering. Lemon honed his skills on high-pressure physical penetration tests, usually involving armed guards.
Langston "Shock" Clement
Red Team operations and Penetration Testing Lead at Core BTS
Daniel "Jcache" Goga
Security Consultant at Core BTS
Your Swag is My Swag: Pwning Fortune 500 Companies with Vistaprint
Socially engineering a target organization with a hard hat and safety vest never gets old, but there are more ways to the server room. Take your physical penetration test to the next level, swagged out in the latest company-branded quarter zip sweatshirt. In this presentation, Langston and Dan will share their adventures hiding in plain sight while pwning Fortune 500 companies with official apparel and replica merchandise. They will explain their OSINT methodology for identifying 3rd party branding sites and tips for creating authentic-looking, made-to-order gear for any occasion. After learning these new techniques, you’ll be so convincing that you might even get invited to your target client’s next BBQ!
About Langston Clement: Langston grew up reading stories about the 90’s hacker escapades, and after years of observing the scene, he jumped into the cybersecurity field and never looked back. He is the current lead for Red Team operations and Penetration Testing engagements at Core BTS. With over fifteen (15) years of public and private sector experience in cybersecurity and ethical hacking, he aims to provide organizations with valuable and actionable information to help improve their security posture. Langston’s specializations focus on modern-day social engineering techniques, wireless and RFID attacks, vulnerability analysis, as well as physical and cloud penetration testing.
About Dan Goga: Dan Goga serves as a Security Consultant with Core BTS focused on conducting penetration testing and vulnerability assessments. Dan Goga has eight years of information security experience in the public, private, and academic sectors. Dan has extensive knowledge and experience with RFID hacking, phishing techniques, social engineering techniques, and penetration testing.
Dr. Jessica Barker
Moderator, Co-Founder at Cygenta
Panelist, Founder at Subsea Cloud
Panelist, Head of Security and Privacy Engineering at Etsy
Panelist, Enterprise Cybersecurity Awareness and Culture Lead
Panel: Building an Effective Security Culture Program
With most cyber attacks and incidents involving social engineering, security culture is hugely influential in cyber security prevention and response. Your security culture is the foundation of your security posture, influencing whether people value cyber security, engage in awareness-raising training and report incidents and concerns. In this panel discussion, we will explore:
- What cyber security culture is
- How you can build an effective awareness-raising program
- Different ways to approach phishing simulations
- Practical steps to positively influence cyber security behaviors
Join us as we debate how to best protect the number one vector in cyber attacks: people.
About Dr. Jessica Barker: Dr. Jessica Barker MBE is a best-selling author and international keynote speaker. An award-winning leader in the human side of cyber security, she has delivered face-to-face awareness sessions to over 50,000 people. Jessica is the go-to cyber expert for media including the BBC, Sky News and Wired magazine and she has delivered over 80 keynotes, including NATO, the World Government Summit, and RSA San Francisco.
Jessica is Co-Founder of the cyber security company Cygenta, where she focuses on her purpose to advance cyber security awareness, behaviour, and culture in organisations around the world. She serves on numerous industry boards, including the UK Government Cyber Security Advisory Board. The author of ‘Confident Cyber Security’ and co-author of ‘Cybersecurity ABCs’, she helps audiences around the world understand why people are the heart of cyber security. In June 2023, Jessica was awarded an MBE for services to cyber security by King Charles III in his first Birthday Honours.
When Jessica is not working, she loves learning and so over the years she has taken classes in everything from horse riding to singing to circus skills. Born in the UK, she now lives in Las Vegas with her husband FC and their cat Bubble.
About Maxie Reynolds: Maxie Reynolds started her career in oil and gas as an underwater robotics pilot and subsea engineer working in Norway, Venezuela, Australia, Italy, Russia, Nigeria and the US. She then transitioned into cyber security at PwC in Australia, working in ethical hacking and social engineering. She also published a best-selling book in 2021 titled ‘The Art of Attack: Attacker Mindset for Security Professionals.’ In late 2021, she moved back to the field of subsea engineering and created Subsea Cloud – a data center infrastructure company that places data centers underwater. Maxie was born in Scotland and is educated in Computer Science and Underwater Robotics. Currently, Maxie’s aim through her startup is to reduce latency, costs and CO2 emissions for hyper-scale spenders and small businesses alike whilst being the most agile infrastructure company around.
About Sam Davison: Sam Davison is a Security, Privacy, and Trust & Safety leader. She recently joined Etsy as the Head of Security and Privacy Engineering. Prior to her current role, Davison served as Director of Trust & Privacy Engineering at Robinhood, building and leading all consumer-facing security, privacy, and trust & safety engineering in addition to offensive security and intelligence functions. Davison has held leadership roles at the Krebs Stamos Group, Lyft, Snap Inc., and Uber where she led efforts with a particular emphasis on behavioral engineering, offensive security, and content moderation. Before working in Silicon Valley, she conducted extensive research on the efficacy of security engagement and co-led a consulting firm that built behavioral-based programs for 15+ Fortune 500 companies. Davison has volunteered throughout her career, lending her expertise to survivors of domestic abuse and election protection efforts.
About Rebecca Markwick: Rebecca has spent over a decade designing and delivering training. Her experience in complex behavioural training allows for an innovative approach to designing security awareness programmes and accompanying metrics. One of her key areas of interest is the ethics of phishing and pen testing when considering effective training and culture and how best to protect the everyday user from attack. She is currently Enterprise Cyber Security Awareness and Culture Lead at a global BioTech company. Prior to this she was Security Culture Advocate at the UK’s Ministry of Justice.
Co-Founder at Upshield
Founder at CloudSec
Phishing with Dynamite: Harnessing AI to Supercharge Offensive Operations
Artificial Intelligence (AI) has fundamentally reshaped the landscape of cybersecurity, making traditional defensive strategies outdated and inadequate, particularly in the realm of phishing attacks. In this era of large language models (LLMs), phishing has evolved from flawed syntax, primitive design, and generic narratives. Using state-of-the-art AI tooling, we can now generate spear-phishing campaigns that are highly personalized with unprecedented precision, leveraging publicly available data from social media, work profiles, and more. In this talk, we’ll show you how it’s done. We will also delve into innovative exploitation techniques that leverage alternative communication channels, like AI-based audio deepfakes for conversational reeling. All of this is made possible with our soon-to-be-released, open-source phishing framework – nemo. We’ll give you a front-row seat to how AI is revolutionizing offensive security operations. Get ready to step into the future of phishing attacks – it’s more sophisticated, more realistic, and scarier than you could ever imagine.
About Preston Thornburg: Preston is the co-founder of Upshield, a full-stack web3 security platform. Much of his research focuses on the automated identification of adversaries throughout the Ethereum and broader cryptocurrency landscapes. He’s recently launched a technical podcast, ‘Mad Blocks’, that deep dives into web3 projects to extract underlying risks and breakpoints. Preston’s background is heavily based in offensive security, having led operations against cryptocurrency platforms, international banks, critical infrastructure, and governments.
About Dani Goland: At the age of 20, Dani Goland founded his own boutique company for innovative software and hardware solutions. Dani did not neglect his hands-on capabilities in both making and breaking systems. Dani spoke at numerous cybersecurity conferences such as BlackHat USA, CodeBlue Japan, CONfidence, SEC-T, and more. After serving in the IDF as a commander of a Field Intelligence unit, Dani went on an 8-month journey across South America. He loves snowboarding and music concerts.