Social Engineering 1st Edition

First off, full disclosure: Chris, the author, is a good friend of mine, I was the technical editor for the book, and I help run social-engineer.org. So it can be argued that I have a strong bias. Because of this, I was not going to write a book review for this title. However, I changed my mind based on the response I that I saw from others consuming the title.I, as well as most of my friends, come from the information security space. Within the insular information security community, perspectives don't always match the real world. People get worked up over minutia that in the real world has very little impact. Because of that, the credibility of much information security advice is often taken with a grain of salt by the general public.This is something that we were well aware of when starting social-engineer.org, and a trap that we have tried to avoid falling into. This philosophy of real world, practical, explanations of social engineering risks and the proper defense against them has followed through to the Social Engineering book. This makes a big difference in the actual suitability of this title in having more then a passing impact on most people's lives.This is exemplified by the wide range of people that I have seen read, understand, and enjoy this title. From my son, still at an age where he finds girls "icky", who after reading the book gives me suggestions on how better to correct him (Dad, you have to complement me, then give me suggestions in what to improve, then complement something else so that way I feel positive about the exchange) to my Grandmother who while she won't read the book cover to cover flips through it and chuckles at the examples that directly relate to her life. From the marketing major who finds examples of subtle ways of influencing others into having a positive view on their products to the small business owner that wants to protect her business against threats and finds steps that can be put in place today to better protect her business.This is not just a book for those of us in the information security space, this is a book for everyone that interacts with modern society.I am glad to see this book find an audience beyond the information security space, as that is where it can have the most benefit. My suggestion is, after reading this book don't just put it on the shelf with your titles on python programming and firewall configurations. Pass it on to your husband or wife, son or daughter, parent or grandparent, friend or co-worker. Give it to someone that would not normally read a book about how to configure their desktop file permissions to best mitigate the chances of a malware attack.This is the security book for the general public. That is where it will have the most impact.

"Social Engineering: The Art of Human Hacking", by Chris Hadnagy is arguably the best book of its kind. Mitnick's books were great reads and highly interesting; however, Chris went above and beyond telling a story and applied an amazing framework around the stories. The framework implements somewhat of a scientific background to a multitude of techniques used by social engineers that allows for a whole new understanding of the inner workings of the topic. The book is possibly the best insight one can gain on the dangers faced by security environments from these masters of manipulation.However, the book takes more of an objective look into the subject and can be appreciated from a wide variety of audiences; not just the security officers of a company. Hadnagy's discussion on communication, persuasion, and influence techniques and tactics can be enjoyed by anyone. I found myself not enjoying this book as a security student trying to learn more about prevention and mitigation of a threat; but, enjoying it more as a learning experience on how I can use the topics discussed in the book to improve my communication ability. I was able to use techniques in this book in a recent presentation and found that my communication effectiveness was greatly improved just by focusing on small details and choosing my wording better. Chapters four, five, and six are great for these means; I found learning about micro-expressions and Neuro-Linguistic Programming particularly gripping.If you are looking at getting this book for improving your security awareness and learning more about how to prevent yourself from these types of attacks, the book delivers these points as well. The book provides several examples that allow you to analyze how these attacks are put into place and show you what to lookout for. A look at a wide variety of tools social engineers can use in their attacks, by providing an overview of each tool and how they would be used. Also, an entire chapter is dedicated on how to protect against these threats; and a plethora of tips are provided that Hadnagy has learned through his vast experience.I would recommend this book to anyone; as I mentioned, it can appeal to a wide audience and is a great purchase.