Working at the dangerous intersection of technology and security, social engineers help organizations stay safe(r) by exposing their vulnerabilities. Often, this relies less on advanced coding skills than it does on old-fashioned behavioral psychology and the reflexes of a trickster. In this humorous account, an infosec con artist spills her secrets.
“How I Socially Engineer Myself Into High-Security Facilities”
By Sophie Daniel
Vice
October 20, 2017
Hello! My name is Sophie and I break into buildings. I get paid to think like a criminal.
Organizations hire me to evaluate their security, which I do by seeing if I can bypass it. During tests I get to do some lockpicking, climb over walls or hop barbed wire fences. I get to go dumpster diving and play with all sorts of cool gadgets that Q would be proud of.
But usually, I use what is called social engineering to convince the employees to let me in. Sometimes I use email or phone calls to pretend to be someone I am not. Most often I get to approach people in-person and give them the confidence to let me in.
My frequently asked questions include:
What break-in are you most proud of?
What have you done for a test that you were the most ashamed of?
What follows is the answer to both of these questions. Read more.