In the context of information security, social engineering is a practice that can help hackers to acquire personal information, insights, and access. Social engineering techniques can also be used by hackers and non-hackers alike to become more skilled at observing the people around them and making informed decisions that are based on these observations. In this session, you will learn how to take a social engineering approach towards improving your team dynamics, including: - Strategies for assessing your team's current strengths and areas of improvement. - Recommendations for developing an action plan to initiate change, and using ongoing observation techniques to effectively manage change. - Best practices for resolving conflict, particularly for team members with different communication styles.

1. Socially Engineering Your
Pathway to a Better Team
Olivia Liddell
@oliravi

2. @oliravi
About Me
● Technical Curriculum Developer at Amazon Web Services
● Certified Ethical Hacker and Computer Hacking Forensic
Investigator
● Background in cultural anthropology and change
management

3. @oliravi
Agenda
● Assessing your team’s current strengths and areas of improvement
● Developing an action plan to initiate change
● Using ongoing observation techniques to effectively manage change
● Resolving conflict, particularly for team members with different
communication styles

4. @oliravi
What is Social Engineering?
“...any act that influences a person to take an action that
may or may not be in their best interest.”
- Security Through Education

5. @oliravi
“The goal of the social engineer is to get you to make a
decision without thinking.
The more you think, the more likely you are to realize you
are being manipulated, which of course is bad for the
attacker.”
- Christopher Hadnagy, Social Engineering: The Art of Human Hacking

7. @oliravi
My Observations about the Location
Huge resort with some rooms about a
15-minute walk from the main lobby

8. @oliravi
My Observations about the Location
Most guests were wearing relaxed
attire, shorts, swimwear, etc.

9. @oliravi
My Observations about the Location
The busiest times for the lobby were
between 12-3 PM

10. @oliravi
My Observations about the Front Desk Agents
Afternoon: 10 front desk agents
were working

11. @oliravi
My Observations about the Front Desk Agents
New agents were wearing a special
“Trainee” badge

12. @oliravi
My Observations about the Front Desk Agents
Some agents were more talkative
than others

13. @oliravi
My Observations about the Front Desk Agents
Some agents were smiling and using
more hand gestures than others

14. @oliravi
My Observations about the Front Desk Agents
Differences in how the agents called
out to the next person in line

15. Observe your team from
an outside perspective.

16. @oliravi
“Ethnography is the work of describing a culture. The
central aim of ethnography is to understand another way of
life from the native point of view. [...]
Rather than studying people, ethnography means
learning from people.”
- James P. Spradley, Participant Observation

17. @oliravi
Describe your team.
● Size
● Location(s)
● Remote percentage
● Single department or cross-functional

18. @oliravi
Describe your team.
● Range of technical skills
● How long has the team been together?
● Which members tend to speak most often in meetings?

19. @oliravi
Describe your team.
● Which members prefer to share their ideas through
other communication channels?
● How frequently do more senior members pair together
with more junior members?
● How do members interact with each other outside of
meetings or project settings?

20. @oliravi
What do they value?

21. When developing an action plan,
begin with quick wins.

23. @oliravi
“As a social engineer, remember that you don’t need to
immediately go for the exact flags you need.
Get some minor ones to help build those feelings that will
lead the person to concede and comply.”
- Christopher Hadnagy, Social Engineering: The Art of Human Hacking

24. @oliravi
Strategy:
Good / Better / Best

25. @oliravi
Hotel Example
● Good: Any personal information that they can provide
○ Phone number
○ Email address
○ Type of credit card that was used to reserve the room
● Better: Room number
● Best: Keycard to access the room

26. @oliravi
Team Example
● Good: More juniors asking for help from their senior colleagues
● Better: Lunch and Learn sessions to share knowledge and build
skills
● Best: A formal mentorship program to pair junior and senior team
members together

27. Observe how and why team members
are responding to change.

29. @oliravi
What do they value?
What’s in it for them?
Why should they want to do this?

30. @oliravi
Prosci: ADKAR Model for Change Management
Awareness of the need for change
Desire to support the change
Knowledge of how to change
Ability to demonstrate skills and behaviors
Reinforcement to make the change stick

31. @oliravi
Hotel Example: What do they value?
● Helping the guest to have a smooth and positive interaction
● Helping someone in distress to have a better day
● Depending on the agent:
○ Being able to quickly move onto the next guest in line - OR -
○ Spending more time making a meaningful connection with the guest

32. Resolve conflict by offering a
solution and value that are based
on your observations.

34. @oliravi
What do they value?
What’s in it for them?
Why should they want to do this?

35. @oliravi
Dwight
“I have to ask our manager if
it’s okay for me to help you.”
Jim
“Before I can help you, we
need to fix Jira first.”
�

36. DirectIndirect
Assertive
Passive
Jim
Dwight

37. @oliravi
Resolving Conflict
● Be assertive (but not aggressive).
● Make your elevator pitch.

38. @oliravi
Team Example: What do they value?
Having an efficient and
methodical workflow
Learning new skills that
could lead to a promotion
Dwight Jim

39. @oliravi
Resolving Conflict
● Be assertive (but not aggressive).
● Make your elevator pitch.
● Follow up with relevant examples or metaphors.

40. Conclusion

41. @oliravi
Summary
● Observe your team from an outside perspective.
● When developing an action plan, begin with quick wins.
● Observe how and why team members are responding to change.
● Resolve conflict by offering a solution and value that are based
on your observations.

42. @oliravi
Additional Resources
● Christopher Hadnagy - Social Engineering: The Art of
Human Hacking
● Kevin Mitnick - The Art of Deception: Controlling the
Human Element of Security
● James P. Spradley - Participant Observation

43. @oliravi
Additional Resources
● Kim Christfort and Suzanne Vickberg -
Business Chemistry: Practical Magic for Crafting Work
Relationships
● Robert A. Rohm - Positive Personality Profiles
● Prosci: ADKAR Model for Change Management

45. @oliravi
Thank you!
Slides: olivialiddell.com