Foreword

I can still remember clearly when I sat down and started writing the framework at social-engineer.org. I searched the Internet for helpful hints on topics I wanted to cover. Nevertheless, Social Engineering was not a hot topic at that time.

I could find videos on getting free food from drive thru’s or picking up girls… but nothing to do with security. Around the same time I was writing the framework, I worked hard to try and include social engineering in any security work I was doing. Most of the time companies would say things like, “Why try? We know we will fail.” or “There is no way anything like that would work on me!”

I even resorted to giving away the services at times, just to prove how dangerous social engineering was. Fast forward now years into the future, people are emailing and calling for quotes on social engineering work every day. With the increase in interest comes the increase in “providers” of these services.

Unfortunately, for you, the readers of this book, there are so many providers it must be mind numbing to try and chose the right one. You may have asked yourself questions like “How do I know I am working with a good provider of SE Services?” “What is a social engineering pentest really?” and many more questions.

When I was approached about writing the foreword for this book, I was pretty strict about slapping a foreword inside these pages, until I read the book and understood what message these guys were trying to send. I had a few phone meetings to discuss their thoughts on topics and then I received the early editions of their writing.

As I read through each chapter, I felt like I found a group of guys who “got it.” They made it clear what a social engineering pentest is, what questions you should ask, and how you can make the best of the budget you have to include this very important aspect into your yearly checkups.

Years later, here I am still offering social engineering services. I used to be one of the few, now one of the many but a book like this will help you find those of us that really know, understand, and ARE social engineering professionals.

I know you will enjoy this book. For your business folks out there, you will especially enjoy Chapter 5. It will help you understand then relate why it is important to engage a social engineer for your security needs.

The section in Chapter 7 about pretext development is an excellent coverage of a very difficult topic that I know any ardent student of social engineering will want to study.

Chapters 14 and 15 will surely help you if you are seeking information on how to set up an effective awareness program.

These are just a sampling of the chapters. Each one has benefit for you.

I truly appreciate the chance I have had to read the work of Gavin, Andrew, and Richard. They have been open to my advice, more than patient with my busy schedule but most importantly they care about security. They don’t preach “stupid users” but they preach “uneducated users,” that is a message I hold close to my heart. My motto from day 1 has been “Security through education.” It is nice to find a group, like the authors of this book, that think the same way.

Sincerely,