ANTI-SOCIAL ENGINEERING TRAINING 

Make your employees resistant to online and offline psychological manipulation 

Who is this training for?
This training is for any organization looking to strengthen the human element in their information and data security systems.

​

Training topics

Our training program focuses on developing protection against psychological manipulation by adapting the military concept of situational awareness to data-sensitive human interactions. Through our training, participants will learn how to recognize and prevent social engineering attacks in cyberspace and physical environments. Here are some of the topics we cover:

​

• Psychological manipulation: experiences, expectations, and fears

• The building blocks of social engineering attacks and how they operate

• Situational awareness as a military concept

• The relationship between psychological manipulation and situational awareness: the concept of social situational awareness

• Detecting psychological manipulation in the social situational awareness framework

• Known social engineering attacks and recommended responses: phishing, spear phishing, pretexting, quid pro quo, baiting, telephone manipulation, deep fake applications, etc.

• Using open-source intelligence (OSINT) against malicious social engineers

• Off-line manipulation methods and recommended responses

• Calibrating awareness: the paranoia-negligence scale

• Methods of maintaining effective social situational awareness long term

​

Methodology:

Our training curriculum was developed based on our experience in law enforcement, intelligence gathering and evaluation, as well as being a target of social engineering schemes. To produce lasting behavior change, we link knowledge transfer to trainee experience and corresponding emotions. To achieve this, we use simulation exercises as the experiential core of our training. In between the two half-day training sessions, trainees work independently to plan and execute a social engineering attack against a mock target we set up for this purpose. We evaluate results as part of the second training day and connect the experience to technical information processed during the training. The closing session summarizes/consolidates lessons learned by walking trainees through some of our social engineering case studies. This helps them develop an understanding of current social engineering schemes, the goals, motivations, emotional states, and context of the attacking party - a key to successful defense against ever-developing social engineering methods in the long run.

​

Delivery:

Our training is delivered to groups of up to 15 trainees in a classroom-like environment. The training takes two half-days and can be held at the client's facilities or our own, as requested. Between the two training days, participants work independently on a simulation task.

​​