| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Becoming a Human nMAP! Cultivating a Renaissance Approach for the Social Engineer
Abstract:
As a security analyst with an atypical entry into the
information security world, one of my research questions
posed in social engineering is why reading a diverse array of
topics is beneficial to the social engineer, be it something
they are passionate about or not. In building upon last year,s
Defcon 24 presentation at the Social Engineering Village by
Tomohisa Ishikawa: "Does Cultural Differences become a
barrier for social engineering?" cultural differences presented
by different countries place emphasis on different genres;
therefore, what one person from a certain country holds dear,
the other may not. Therefore, your reconnaissance, pretexts
and elicitations and the support required must be able to
adapt. I have found this to be true.
Reading/Watching/Listening like a 'Renaissance individual
(knowledgeable on a variety of topics but not limited to select
ones) ameliorates this challenge. The answer came from a
combination of attending the Advanced Practical Social
Engineering course in 2016 and a self-reflection; all the
reading I loved and hated as a child and as an adult has
given me an extensive web to build rapport through as a
social engineer and improve my elicitation to procure more
information . In my talk, I would like to discuss how to
develop a strategy and which areas to focus on so you would
be available to navigate even through the darkest of waters,
and the coldest of individuals, and get information you would
need.
Bio:
Tigran Terpandjian (th3CyF0x) is an Incident Handler at a large technology firm. An alumnus of
the Advanced Practical Social Engineering Course taught by
Social-Engineer Inc, he has been fascinated with languages,
cultures, social psychology, military tactics and history since
his childhood. Despite receiving a B.A in international
relations with a concentration in: world politics and diplomacy
(University of Richmond), he stumbled across the path of
Cyber Security and decided to pull the trigger and tumble
down the security rabbit hole. Along the way, he was beset
by the beasts of Compliance, the SOC, FISMA and Fed
RAMP but found his banner under Red Teaming & Social
Engineering; now a cyber threat hunter, he has creatively
combined his love for red teaming and social engineering.
Tigran enjoys applying red teaming, digital reconnaissance
and social engineering concepts to conduct cyber threat
hunting and is passionate about emulating the adversary.
When not on the hunt, Tigran loves playing tennis, practicing
Krav Maga and is an advocate for the inconvenient truth.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast