8th Layer Insights - Deceptionology 101: Introduction to the Dark Arts

Deceptionology 101: Introduction to the Dark Arts

07/06/21 • 61 min

Have you ever noticed how fundamental deception is to the human condition? Deception and forms of social engineering have been with us since the beginning of recorded history. And yet, it seems like we are just as vulnerable to it as ever. But now the stakes are higher because technology allows social engineers to deceive at scale.

This episode explores the psychology of deception, provides a foundation for understanding social engineering, offers a few mental models for exploration and exploitation, and discusses how we can prepare our mental defenses.

Guests:

Rachael Tobac: (LinkedIn), CEO of SocialProof Security
Chris Hadnagy: (LinkedIn); CEO of Social Engineer, LLC; Founder of Innocent Lives Foundation; Founder of Social-Engineer.org
Lisa Forte: (LinkedIn); Partner at Red Goat Cyber Security; Co-Founder Cyber Volunteers 19
George Finney: (LinkedIn); Chief Security Officer at Southern Methodist University; Founder of Well Aware Security

Notes & Resources:

CSO Online article on Social Engineering
OODA Loop
Understanding Framing Effects
More examples of Framing Effects
Harvard Business Review article on the Principles of Persuasion
A blog series I did on Deception (Part 1), (Part 2).
PsychologyToday article on Social Engineering

Recommended Books (Amazon affiliate links):

The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick
Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You by Chris Hadnagy
Influence, New and Expanded: The Psychology of Persuasion by Robert Cialdini
Pre-Suasion: A Revolutionary Way to Influence and Persuade by Robert Cialdini
Practical Social Engineering: A Primer for the Ethical Hacker by Joe Gray
Social Engineering: The Science of Human Hacking by Chris Hadnagy
Thinking, Fast and Slow by Daniel Kahneman.
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future by George Finney

Music and Sound Effects by Blue Dot Sessions & Storyblocks.

Artwork by Chris Machowski.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Guests:

Rachael Tobac: (LinkedIn), CEO of SocialProof Security
Chris Hadnagy: (LinkedIn); CEO of Social Engineer, LLC; Founder of Innocent Lives Foundation; Founder of Social-Engineer.org
Lisa Forte: (LinkedIn); Partner at Red Goat Cyber Security; Co-Founder Cyber Volunteers 19
George Finney: (LinkedIn); Chief Security Officer at Southern Methodist University; Founder of Well Aware Security

Notes & Resources:

CSO Online article on Social Engineering
OODA Loop
Understanding Framing Effects
More examples of Framing Effects
Harvard Business Review article on the Principles of Persuasion
A blog series I did on Deception (Part 1), (Part 2).
PsychologyToday article on Social Engineering

Recommended Books (Amazon affiliate links):

The Art of Deception: Controlling the Human Element of Security by Kevin Mitnick
Ghost in the Wires: My Adventures as the World's Most Wanted Hacker by Kevin Mitnick
Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You by Chris Hadnagy
Influence, New and Expanded: The Psychology of Persuasion by Robert Cialdini
Pre-Suasion: A Revolutionary Way to Influence and Persuade by Robert Cialdini
Practical Social Engineering: A Primer for the Ethical Hacker by Joe Gray
Social Engineering: The Science of Human Hacking by Chris Hadnagy
Thinking, Fast and Slow by Daniel Kahneman.
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter
Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future by George Finney

Music and Sound Effects by Blue Dot Sessions & Storyblocks.

Artwork by Chris Machowski.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Previous Episode

This is BS!

Ever wrestled with the fact that people often make horrible security decisions even though their employers have security awareness programs in place? It's often because we assume that being aware of something should naturally result in better behavior. Well... that's not the case. This episode takes a deep dive into the knowledge-intention-behavior gap where we are confronted with three realities of security awareness. And those realities lead us to the realization that we need to focus on behavior.

Guests for this episode are all leaders in the fields of Behavioral Science. They are, BJ Fogg, Ph.D., author of Tiny Habits: the Small Changes that Change Everything, Matt Wallaert, author of Start at the End: How to Build Products That Create Change, and Alexandra Alhadeff, co-author of Deep Thought: A Cybersecurity Story.

Guests:

BJ Fogg, Ph.D.. -- Behavior Scientist & Innovator at Stanford University. (Personal website) Author of Tiny Habits: The Small Changes That Change Everything. (Amazon link)
Matt Wallaert -- Head of Behavioral Science at frog (a Capgemini company). Author of Start at the End: How to Build Products That Create Change (Amazon link)
Alexandra Alhadeff -- Behavioral Scientist & Product Manager at The Fabulous. (Personal website)

Notes & Resources:

BJ Fogg testimony to the 2006 US Federal Trade Commission about the dangers of persuasive technology.
Fogg Behavior Model
About Nudge Theory
Multiple examples of Nudging
Great catalog of Dark Patterns
Ideas42 cybersecurity-related behavioral science research.
Deep Thought: A Cybersecurity Story, by Ideas42.

Recommended Books (Amazon affiliate links):

Tiny Habits: The Small Changes That Change Everything, by BJ Fogg, Ph.D.
Start at the End: How to Build Products That Create Change, by Matt Wallaert
Nudge: Improving Decisions About Health, Wealth, and Happiness, by Richard Thaler and Cass Sunstein
Inside the Nudge Unit: How Small Changes Can Make a Big Difference, by David Halpern
Evil by Design: Interaction Design to Lead Us into Temptation by Chris Nodder
Thinking, Fast and Slow by Daniel Kahneman.
Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors by Perry Carpenter.

Music and Sound Effects by Blue Dot Sessions & Storyblocks.

Artwork by Chris Machowski.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Next Episode

Going Meta: A Conversation and AMA with Bruce Schneier

In this episode, Perry Carpenter interviews cybersecurity guru Bruce Schneier. Perry and Bruce explore how cybersecurity is about so much more than technology — It’s about people, so we benefit by taking a multidisciplinary approach.

In preparing for this interview, Perry solicited his LinkedIn network to see what questions people had for Bruce. This is a wide ranging conversation covering everything from Bruce’s thoughts on cybersecurity’s “first principles” to the impact that the pandemic had on society to need for regulation to help raise the overall standards for security and privacy.

Guest: Bruce Schneier (https://www.schneier.com/blog/about/) (https://twitter.com/schneierblog)