Hacking the Corporate Mind - Using Social Engineering to Improve Organizational Security Acceptance

Explore social engineering techniques to improve organizational security acceptance in this Black Hat USA 2012 conference talk. Discover how to bridge the gap between information security teams and users, enhancing security awareness and policy adherence. Learn to overcome departmental conflicts, communicate effectively with non-technical management, and apply social engineering tactics to blend in and understand user perspectives. Gain insights on adapting security plans based on user feedback, championing information security within the organization, and balancing business needs with security requirements. Examine a case study on proximity card login and develop strategies to transform information security from an obstacle into an integral part of organizational culture.

Intro
Why Should You Listen To Me?
Defining The Problem
Know Your Enemy, Know Yourself
Infosec is an Obstacle
Business Need Trumps Security This is the hardest thing for defense geeks to accept
Infosec Needs Champions
What Do You Want?
What is an Infosec Geek to do?
Talk you Introverted Bastards!
Put On Your Social Engineering Hat
Find out how to blend in
Examine the Target
Insert The Data
Case Study: Prox Card Login (2)
Listen to the Users
Change Your Plans
Communication
Non-Technical Management
Conclusion