The spring SourceCon conference is just a few weeks away! We’ve decided to do a short podcast series to introduce you to a few of the speakers. The great thing about podcasts is that you can listen on your commute or download them to your phone so you can listen as you travel to the event. Please be sure to subscribe!
Our guest today is Michele Fincher of Social Engineer, Inc.
Podcast transcription by Speechpad.
Jeremy Roberts: Hi, this is Jeremy Roberts. I’m the Editor of sourcecon.com. Today, for our Meet the Speaker series, we’re actually going to be speaking with Michele Fincher of Social Engineer. Hi, Michelle, how are you?
Michele: I am doing great, Jeremy. Thanks so much for having me.
Jeremy: Well, thanks for joining us. I think everybody is really excited to hear your presentation at SourceCon. To set the stage a little bit, SourceCon, for those of you who haven’t been, we’re a conference for recruiters and sourcers. Anybody who uses the Internet or other techniques to identify and engage with potential job candidates, come to our conference. Most of our speakers, because of that, come from the industry. They’re technical experts at using different types of tools to find people online and engage with candidates. That is the topic that we talk about.
Occasionally, there is a person from outside of our industry that can really add a lot to our conversation. That’s where Michele comes in. Michele is a security expert. I’m going to let her define what she does for us, because she’ll do much better than I will. She is a security expert that has a lot of ideas that I think are relevant to our community. It’ll be interesting to hear her presentation.
Michele, can you tell us a little bit about yourself, where you work, and what you guys do.
Michele: Sure. My business title is chief influencing agent at Social-Engineer, Inc. I know that sounds really scary, but our company specializes in securing companies and educating companies against the danger of human based attacks. In the industry and in retail and in government, we spend lots of money on firewalls and super cool boxes that we think are going to keep us safe. But, then we don’t account for perhaps a friendly person walking in the door and asking to be let into H.R., or asking for directions, or asking for information.
What my company does is we specialize in human based attacks and human based security. I’m really excited for the chance to talk to SourceCon people, because I think that there is a great way to take the information and the resources that we use to help your audience do better at their job, and find candidates, and become comfortable in establishing rapport and helping people make some choices.
Jeremy: Absolutely. One of the things that you as social engineers get really good at is making people comfortable and getting them to give you information. Am I correct in that? Is that a good summary?
Michele: Yeah, absolutely. And, building rapport and being able to break the ice is really very critical to what we do. Because what we do is online, in person, and over the phone. Our abilities to connect with people and seem friendly and approachable are really critical. I think those skills hopefully apply to sourcers and recruiters as well, because you’re probably that interface between individuals and candidates and companies, and your ability to communicate, influence and build relationships, I would think, would be very critical in your success.
Jeremy: Absolutely, absolutely. For those of you who are not involved in the SourceCon book club or reading our first book right now, it was actually written by Michele’s partner. It’s called ‘Social Engineering: The Art of Human Hacking.’ If you’re not involved in that, you should look it up and join our book club conversation in our Facebook group. Because it’s got some great information about this, and I think it will set the stage for what Michele will talk about.
One of the things that stands out is social engineering is something that we’ve all done ever since we can remember. It’s how we get what we want from people. Social engineering in itself isn’t bad. It’s people who use it for malicious purposes. I think we’re going to take the things that you guys teach and share with companies, and we’re going to take the good things and use it for good purposes, which is finding good people for our companies. I don’t want anyone to think we’re going to be teaching how to do deceptive things at SourceCon. I think there’s a lot of great information to share here.
When people are breaking into companies or trying to gather information about companies, what are a few things that companies aren’t aware of that go on?
Michele: I think the main thing that companies really don’t understand is the value of the information that they hold. I think that goes down to an individual level as well. When you think about random facts about you that you’re willing to post online and on social media, you don’t realize how much information that could provide to someone that has malicious intent.
Jeremy, I’m really glad you brought up the point about social engineering basically being a tool, because I think it’s really, really important. If you have parents and children, they have these kinds of relationships where they are positively influencing, and if you have mentors and if you have people who have guided you through life that is social engineering as well. It definitely runs the gamut. I think we can think about all sorts of con men and deceitful ways social engineering is used, but a lot of people don’t consider that this can be very positive and a way that you can help the people that you love and care about and that you have professional relationships with create more positive choices and create influence that way.
The tools that we use really come down to creating those relationships and helping people and companies understand that they have valuable information that they need to either protect or be able to at least be mindful of who they share that with.
Jeremy: Absolutely. I don’t want to go too far, because I think your presentation’s going to be amazing. I don’t want to dive too far into it. What would you say people should expect to hear from you at SourceCon?
Michele: At SourceCon, the main topic that I’m going to be talking about is the gathering of information. That’s the linchpin of every social engineering engagement. It really relies on the quality of information and the quantity of information that we’re able to obtain on the companies that we’re serving. A company may not be aware of their own individuals posting on social media, or even information that a company really wouldn’t want released to the public, that’s inadvertently posted on a site that’s made public to the Internet somehow.
What we do at the very beginning of a social engineering engagement is find out as much information as possible on a company or particular individual to be able to create a situation that helps us with influence with the security testing. I think again that has really clear applications for sourcers who are trying to find good talent and a good fit in order to serve their clients as well.
Jeremy: Absolutely. I know I’m very excited about this. I think this is going to be a great presentation. Tell us really briefly, then we’ll end this, how you got into this. Was this something you studied? Was this something you fell into? It’s fascinating. It would be interesting to hear that path.
Michele: I wish I could say that it was a really direct and conscious selection on my part. My undergraduate degree is in behavioral sciences, and I have a master’s in counseling. I came up in technology, so I have a foot in both sides and I have an understanding of both.
I happened to meet up with Chris Hadnagy, my boss, through a mutual professional acquaintance. It really went from there, because Chris is very much a professional social engineer. I have a good understanding of the psychology and the background of influence and rapport building. We were a very good fit and we create a lot of depth and breadth for our clients.
Yeah, that’s a nutshell. Yes, it was something that I fell into but I happened to be a good fit for, fortunately.
Jeremy: Absolutely. You know what? That will resonate with our audience, because I don’t think anybody ever planned to be a sourcer or a recruiter, unless they had maybe a family member who was. I think that’s a similar story to most of the other people you will meet at SourceCon.
You mentioned Chris. Chris presented at SourceCon in New York City. I think it was 2010 or 2011. It was my first SourceCon event that I actually went to before I worked at SourceCon. It was a great presentation. Maybe one day we can get the two of you together. Because I’ve seen some YouTube videos of you guys, and you guys play off of each other really well. It seems like a lot of fun.
Michele: It’s really kind of a Mutt and Jeff act, but we have a lot of fun together. I think that would be fantastic. We’d really enjoy that.
Jeremy: Well, very cool. Thank you very much. If people want to follow you and read what you put out there, are you on social media a lot? How should people stay in touch with you?
Michele: Well, our website is social-engineer.com. That’s the commercial training and services side. But, we also have an educational site which we feel is critical and is open to everybody. That is social-engineer.org. Our corporate Twitter is #SocEngineerInc.
Michele: And so we . . . I am so looking forward to meeting your folks, and I think it’s going to be a great time.
Jeremy: Yeah, it’s going to be a really good time. Thank you for taking time today to record this podcast. We’ll talk with everyone soon. Thank you.
Michele: Bye bye.