When you hear the word "hacker," you envision someone breaking into a computer, but did you know that people can be hacked? The manipulation and persuasion of people can lead to someone gaining physical access to a location or even data being leaked.

Today's guest is Jenny Radcliffe. Jenny is the founder and director of Human Factor Security and is commonly known as the People Hacker. She's a world-renowned social engineer hired to bypass security systems through a no-tech mixture of psychology, con-artistry, cunning, and guile. Jenny is also a podcaster, keynote speaker, talk show host, and panel chair.

Show Notes:

• [0:58] - Jenny explains social engineering as no-tech hacking and how she became known as the People Hacker.
• [2:32] - Chris shares how a pen tester recently made a mistake and Jenny describes some of the mistakes she has made on that job.
• [3:56] - Laughing at previous mistakes, Jenny shares a memorable experience where she almost got caught in the act.
• [5:55] - In her experience, it is better to use psychology over breaking into a physical location.
• [7:01] - Jenny shares a story about breaking into a museum as the first time she felt drawn to this lifestyle and years later it was an industry she could work for.
• [10:30] - After a physical engagement and success in gathering the objects or data needed for the job, Jenny describes her adrenaline and celebration.
• [13:05] - Physical entry can seem very theatrical as we've all seen in action movies like James Bond. But ideally, Jenny says that evidence someone was there should not be left behind.
• [14:57] - Jenny sometimes leaves business cards in locations after she breaks into them and takes photos that she has saved.
• [16:50] - There is an element of social engineering with pen testing.
• [17:45] - Apparent authority is one of the top strategies used in social engineering. Jenny explains how Covid has made this even easier to dupe someone.
• [19:40] - Criminals and social engineers capitalize on fear, uncertainty, and doubt.
• [20:47] - During pen testing, a no-blame culture is crucial. Otherwise, people won't report in times of actual penetration.
• [22:12] - Even if you don't think you are being scammed, you should always tell someone the second you are told to keep quiet about something.
• [23:27] - Chris and Jenny discuss ransomware. In some cases, there is not an organization with a business model.
• [25:01] - There have recently been a lot of high-profile ransomware hacks.
• [26:17] - You have to try to remove the emotion for the victim so that payment is not made. It's horrible but if the money is paid, they'll come back.
• [28:55] - How are these large companies getting hacked? How are hackers getting through?
• [29:36] - Have all the tech security in place but be aware that one person could still make a mistake.
• [30:54] - The reason the cyber security industry is so huge is because, despite our best efforts, mistakes happen.
• [32:07] - You can't guarantee avoidance as long as humans are involved. With proper training and the right amount of suspicion, all we can do is hope everyone will remember to report anything unusual.
• [34:18] - In a compliance-minded organization, something as simple as a sign that says not to do something, they don't question it.
• [36:49] - Jenny shares a story of being caught and them not ever saying anything that she was seen.
• [39:23] - "This is not my problem." Chris and Jenny chat about Hitchhiker's Guide to the Galaxy and how some of the scenes apply to her job.
• [41:39] - Cyber security is something that defines how good a business is these days.
• [42:27] - When asked about things that go wrong during physical pen tests, Jenny says there are so many experiences that she tries to give a different answer to everyone who asks.
• [45:19] - Jenny shares the most boring physical pen test she experienced.
• [48:11] - Usually something goes wrong, so when something goes absolutely to plan, it is surprising for Jenny.
• [49:12] - Jenny shares the 4 things to do to stay safe. What are her red flags?

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• Human Factor Security Web Page
• People Hacker on Twitter
• Human Factor Security Podcast
• Human Factor Security on YouTube