Tag

social engineering defense

Tactics and training approaches for defending against social engineering attacks that manipulate human behavior. Covers pretexting, baiting, tailgating, vishing, and impersonation schemes, along with verification protocols and employee education to reduce human-factor vulnerabilities.

posts

phishing training for employees

Phishing Training for Employees: What Actually Works

In 2023, MGM Resorts lost roughly $100 million after a threat actor called a help desk, impersonated an employee found on LinkedIn, and talked their way past security controls. No zero-day exploit. No nation-state malware. Just a phone call. That incident crystallized something I've been telling organizations for

Carl B. Johnson Feb 09, 2020 8 min read

cyber security

Cyber Security in 2026: What Actually Works Now

In March 2024, Change Healthcare suffered a ransomware attack that disrupted insurance claims processing for nearly every hospital and pharmacy in the United States. The root cause? Stolen credentials on a system without multi-factor authentication. One overlooked gap in cyber security brought a $32 billion company to its knees and

Carl B. Johnson Feb 25, 2019 6 min read