Social engineering, physical security and employee empowerment

Today ‘Freaky Clown’, a specialist in social engineering, gave a talk at BSides London simply named ‘How I Rob Banks’.

The talk started with both comedy and legal matters and then moved on to the differences between cyber security and physical security. ‘Freaky Clown’ went on to say:

“[Physical Security’s] cobbled together and is a bit shit… These are the people that spend billions of dollars on [cyber] security… How much do you think they spend on physical security? Not much.”

Freaky Clown continued the talk by listing several key qualities that he deemed necessary to be an effective penetration tester in the field of social engineering. These included:

  • A Poker-face
  • The ability to blend in
  • Politeness
  • Appropriate skills
  • Appropriate equipment

After this segment Freaky Clown covered several further topics, including specific areas of company infrastructure that were lacking in security. He ended on a topic that seemed to be a buzzword at the event (and rightly so): ‘empowerment’. This came up when the conversation moved towards receptionists and their role in security, where Freaky Clown noted that:

“[Receptionists are] Useless at security”

Freaky Clown quickly redeemed himself by noting that this was because receptionists and many other company employees were simply not empowered when it came to security concerns and needed both training and help in the area. This was bolstered by Freaky Clown’s comment on employees assuming he belonged:

“Because I was there, people assumed I should be there.”

James Stevenson

I'm a Cyber Security enthusiast who loves all things to do with technology. I'm specifically interested in cyber security and ethical hacking.