


Your Pen-Test has a Glaring Weakness - Emulating the Attackers Better with Social Engineering

  • Monday, March 10th, 2014 at 1:00 PM EDT (17:00:00 UTC)
  • Dave Shackleford & James Lyne
This webcast has been archived. The webcast presentation and slides are available through a SANS Portal Account.



Over the past few years, penetration testing has grown by leaps and bounds in being recognized as a key security capability for every enterprise. So too have the capabilities of penetration testers in emulating the high-end technical attacks of cyber criminals, hackers or even nation states. Unfortunately, in our experience many organizations are still missing a primary attack vector - one that many attackers used with incredible success throughout 2013 - social engineering. Gone are the days when sophisticated attackers' social engineering attempts were misspelt, overtly suspicious phishing e-mails (though those will never entirely disappear); in their place come cleverly crafted attacks that ask the user nicely to hand over data.

In this webcast we will discuss the need for social engineering in penetration testing programs, how to avoid the common pitfalls (legal, ethical and technical) and a few top techniques that have a strong history of success from our penetration tests. Learn how awesome social engineering can be and build better awareness of attacks against the human.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

James Lyne

James Lyne is Global Head of Security Research at the security firm Sophos. He is a self-professed 'massive geek' and has technical expertise spanning a variety of security domains, from forensics to offensive security. James has worked with many organisations on security strategy, handled a number of severe incidents and is a frequent industry advisor. He is a certified instructor at the SANS Institute and is often a headline presenter at industry conferences.

James firmly believes that one of the biggest challenges we face is in making security accessible and interesting to those outside the industry. As a result, he takes every opportunity to educate on security threats and best practice - always featuring live demonstrations and scenarios of how cyber criminals operate in the real world.

James has given multiple TED talks, including at the main TED event. He has also appeared on a long list of national TV programmes to educate the public, including CNN, NBC, BBC News, Bill Maher and John Oliver. As a spokesperson for the industry, he is passionate about talent development, regularly participating in initiatives to identify and develop new talent for the industry.
