Engineering and Dissecting the Truth

Social engineering. That’s what this is about. I define social engineering as intentionally getting people to do things through social manipulation, whether you are on ‘offense’ and need to engineer the truth around you or you are a ‘defender’ looking to dissect the truth of a situation.

But Tom, how does this apply to me? While a lot of my anecdotes come from my 15 years as a police officer, detective, and hostage negotiator, this entire area is useful to the majority of people. If you are on a cyber red team, then you’ve likely picked up or learned many of the engineering-the-truth ideas that I’m going to talk about. If you are a cop or detective, dissecting the truth is critical to your daily job. But what about Alice and Bob who just work a normal office job? What about Carol who works retail? You may have seen the news over the past few decades about cyber security breaches and compromises. It will likely not surprise you that humans are generally the weakest link in a company’s security.

If you think you’ve never seen social engineering in person, then you likely have and were just unaware of it. Take a look at this video of social engineer Jessica Clark and watch how she engineers the truth around her persona to get her unsuspecting target to do what she asks. After watching that, you might recognize similar events that have happened to you in the past.

How do you engineer the truth like Jessica? Training and practice. How do you defend against a Jessica? Training and practice. That’s what this blog is all about. My experience as a police officer, detective, and negotiator molded me into a walking BS detector and social engineer. In this blog you will learn from my mistakes and successes, and will learn to identify and articulate flags of dishonesty both in others and in yourself. You might already know a lot about this topic, but getting the detective perspective will be another tool in your toolbox. More next time.