Social Engineering At Work – How to use positive influence to gain management buy-in for anything

DerbyCon 8.0 - Evolution

Presented by: April C. Wright
Date: Sunday October 07, 2018
Time: 09:00 - 09:50
Location: Marriott I & II
Track: Track 1

Do you understand how to navigate office politics and regularly get what you want and need to make your security efforts take off and be successful? Are there projects or programs you want to institute, but have trouble getting started or knowing how to get people on-board? Most of us understand how SE can be used to test for human vulnerabilities, but socializing at work may give us a yucky feeling. However, if you really want to learn how to get buy-in for your ideas or projects and get what you want, you need to be able to navigate the social system at work and exert indirect influence. It is possible to study and reverse the “dark arts” of SE to actually achieve positive goals; SE principles are used every day by savvy business people to make things happen, even if they don’t realize that they’re using them. Let’s define ways even the most introverted person can play the corporate game in a non-malicious non-manipulative way. Then, we can use this knowledge within our organizations to improve our security posture, “sell” security to stakeholders, and lessen risk. Learn how to utilize the tools of SE “for good” so that we can better serve our infrastructures and customers.

April C. Wright

April C. Wright is a hacker, author, teacher, and community leader with over 25 years of breaking, making, fixing, and defending global critical communications and connections. She is an international speaker and trainer, educating others about Information Security, with the goal of protecting individual privacy and important assets to make the digital components that impact our lives safer and more secure. A security program specialist for a Fortune 15 company, April has held roles on offensive, defensive, operational, and development teams throughout her career, and been a speaker and contributor at numerous security conferences including BlackHat, DEF CON, DerbyCon, Hack in Paris, DefCamp, ITWeb, as well as for the US Government and industry organizations such as OWASP and ISSA. She has started multiple small businesses including a non-profit, is a member of the DEF CON Groups Core Team, and in 2017 she co-founded the Boston DEF CON Group DC617. April has collected dozens of certifications to add letters at the end of her name, almost died in Dracula’s secret staircase, and once read on ‘teh interwebs’ that researchers at the University of North Carolina released a comprehensive report in 2014 confirming that she is the “most significant and interesting person currently inhabiting the earth”, so it must be true.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats