Olivia Liddell - Chicago PHP User Group - Socially Engineering Your Pathway to a Better Team

Socially Engineering Your
Pathway to a Better Team
Olivia Liddell
@oliravi

@oliravi
About Me
● Technical Curriculum Developer at Amazon Web Services
● Certified Ethical Hacker and Computer Hacking Forensic
Investigator
● Background in cultural anthropology and change
management

@oliravi
Agenda
● Assessing your team’s current strengths and areas of improvement
● Developing an action plan to initiate change
● Using ongoing observation techniques to effectively manage change
● Resolving conflict, particularly for team members with different
communication styles

@oliravi
What is Social Engineering?
“...any act that influences a person to take an action that
may or may not be in their best interest.”
- Security Through Education

@oliravi
“The goal of the social engineer is to get you to make a
decision without thinking.
The more you think, the more likely you are to realize you
are being manipulated, which of course is bad for the
attacker.”
- Christopher Hadnagy, Social Engineering: The Art of Human Hacking

@oliravi
My Observations about the Location
Huge resort with some rooms about a
15-minute walk from the main lobby

@oliravi
Most guests were wearing relaxed
attire, shorts, swimwear, etc.

@oliravi
The busiest times for the lobby were
between 12-3 PM

@oliravi
My Observations about the Front Desk Agents
Afternoon: 10 front desk agents
were working

@oliravi
New agents were wearing a special
“Trainee” badge

@oliravi
Some agents were more talkative
than others

@oliravi
Some agents were smiling and using
more hand gestures than others

@oliravi
Differences in how the agents called
out to the next person in line

Observe your team from
an outside perspective.

@oliravi
“Ethnography is the work of describing a culture. The
central aim of ethnography is to understand another way of
life from the native point of view. [...]
Rather than studying people, ethnography means
learning from people.”
- James P. Spradley, Participant Observation

@oliravi
Describe your team.
● Size
● Location(s)
● Remote percentage
● Single department or cross-functional

@oliravi
Describe your team.
● Range of technical skills
● How long has the team been together?
● Which members tend to speak most often in meetings?

@oliravi
Describe your team.
● Which members prefer to share their ideas through
other communication channels?
● How frequently do more senior members pair together
with more junior members?
● How do members interact with each other outside of
meetings or project settings?

When developing an action plan,
begin with quick wins.

@oliravi
“As a social engineer, remember that you don’t need to
immediately go for the exact flags you need.
Get some minor ones to help build those feelings that will
lead the person to concede and comply.”
- Christopher Hadnagy, Social Engineering: The Art of Human Hacking

@oliravi
Strategy:
Good / Better / Best

@oliravi
Hotel Example
● Good: Any personal information that they can provide
○ Phone number
○ Email address
○ Type of credit card that was used to reserve the room
● Better: Room number
● Best: Keycard to access the room

@oliravi
Team Example
● Good: More juniors asking for help from their senior colleagues
● Better: Lunch and Learn sessions to share knowledge and build
skills
● Best: A formal mentorship program to pair junior and senior team
members together

Observe how and why team members
are responding to change.

@oliravi
What do they value?
What’s in it for them?
Why should they want to do this?

@oliravi
Prosci: ADKAR Model for Change Management
Awareness of the need for change
Desire to support the change
Knowledge of how to change
Ability to demonstrate skills and behaviors
Reinforcement to make the change stick

@oliravi
Hotel Example: What do they value?
● Helping the guest to have a smooth and positive interaction
● Helping someone in distress to have a better day
● Depending on the agent:
○ Being able to quickly move onto the next guest in line - OR -
○ Spending more time making a meaningful connection with the guest

Resolve conﬂict by offering a
solution and value that are based
on your observations.

@oliravi
Dwight
“I have to ask our manager if
it’s okay for me to help you.”
Jim
“Before I can help you, we
need to fix Jira first.”
�

DirectIndirect
Assertive
Passive
Jim
Dwight

@oliravi
Resolving Conﬂict
● Be assertive (but not aggressive).
● Make your elevator pitch.

@oliravi
Team Example: What do they value?
Having an efficient and
methodical workflow
Learning new skills that
could lead to a promotion
Dwight Jim

@oliravi
Resolving Conﬂict
● Be assertive (but not aggressive).
● Make your elevator pitch.
● Follow up with relevant examples or metaphors.

@oliravi
Summary
● Observe your team from an outside perspective.
● When developing an action plan, begin with quick wins.
● Observe how and why team members are responding to change.
● Resolve conflict by offering a solution and value that are based
on your observations.

@oliravi
Additional Resources
● Christopher Hadnagy - Social Engineering: The Art of
Human Hacking
● Kevin Mitnick - The Art of Deception: Controlling the
Human Element of Security
● James P. Spradley - Participant Observation

@oliravi
Additional Resources
● Kim Christfort and Suzanne Vickberg -
Business Chemistry: Practical Magic for Crafting Work
Relationships
● Robert A. Rohm - Positive Personality Profiles
● Prosci: ADKAR Model for Change Management

@oliravi
Thank you!
Slides: olivialiddell.com

Olivia Liddell - Chicago PHP User Group - Socially Engineering Your Pathway to a Better Team

More Related Content

Similar to Olivia Liddell - Chicago PHP User Group - Socially Engineering Your Pathway to a Better Team

More from OliviaLiddell

Recently uploaded

Olivia Liddell - Chicago PHP User Group - Socially Engineering Your Pathway to a Better Team