Social Engineering Security Into Your Business presented at Notacon 7

by Mick Douglas, James Arlen (Fortune 500 Financial), Brandon Knight, Chris Clymer (Security Justice),

Summary : Finding security vulnerabilities is easy. Getting them remediated is HARD. Many of the real problems in information security are not about technical prowess with packet dumps or disassemblers, they're about exercising the "soft skills" you discarded when entering IT. In this talk the four of us will show how social engineering can be applied not to break into systems, but to secure them. How do you convince your DBAs they really do need to apply the latest Oracle patch? How do you convince the CIO that you need funds and people to perform dedicated vulnerability scanning? How do you convince your users that they really shouldn't put that password on their monitor? We'll cover all this and more with a little shouting, a lot of scolding, and some live demonstrations.

James Arlen: James Arlen, CISA, is a security consultant most recently engaged as the CISO of a mid-market publicly traded financial institution. He has been involved with implementing a practical level of information security in Fortune 500, TSE 100, and major public-sector corporations for more than a decade. James has a recurring column on Liquidmatrix Security Digest. His areas of interest include organizational change, social engineering, blinky lights and shiny things.

Brandon Knight: Brandon Knight is a security professional and Notacon organizer, which has nothing to do with this panel being accepted. Honest!

Chris Clymer: Chris Clymer is a frustrated security professional and co-host of the Security Justice podcast.