Phishing Dark Waters, Social Engineering Hacking, Human Vulnerability – with Chris Hadnagy

This episode is sponsored by the CIO Scoreboard

Chris Hadnagy specializes in understanding how malicious attackers exploit human communication and trust to obtain access to information and resources through manipulation and deceit. His goal is to secure companies by educating them on the methods used by attackers, identifying vulnerabilities, and mitigating issues through appropriate levels of awareness and security.

Chris is the founder and CEO of Social-Engineer. Chris possesses over 16 years of experience as a practitioner and researcher in the security field. His efforts in training, education, and awareness have helped to expose social engineering as the top threat to the security of organizations today. What I found fascinating from Chris’ bio is that he is a certified Expert Level graduate of Dr. Paul Ekman’s Micro Expressions courses, having made the study of non-verbal behaviors one of his specialties.

He established the world’s first social engineering penetration testing framework at, providing an invaluable repository of information for security professionals and enthusiasts. The site grew into a dynamic web resource including a podcast and newsletter, which have become staples in the security industry and are referenced by large organizations around the world. Chris also created the first hands-on social engineering training course and certification, Advanced Practical Social Engineering.

A sought-after writer and speaker, Chris has spoken and trained at events such as RSA, Black Hat, and various presentations for corporate and government clients. Chris is also the best-selling author of three books. My favorite was Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails, which is his latest that I read.

Major takeaways from this episode are:

  1. Reminder: you can download the transcript of the entire interview at
  2. A classic story of a social engineering hack that Chris did is at the 12-minute mark; it is a great example that will remind you of what you need to do to train employees.
  3. The importance of the brain and amygdala as it relates to IT Security.
  4. The importance of the psychology of security.
  5. The importance of non-verbal facial expression and body language.
  6. How to trigger empathy and compassion in a target, which shows why this method is so effective.
  7. The role of mirror neurons.
  8. You will understand the brain and how it reacts to fear, emotion, and danger in relation to social engineering hacks.
  9. At the 35-minute mark, learn what a BEC (Business Email Compromise) scam is and how to avoid it.
  10. The difference between Whaling, Vishing, and Phishing.

I have linked up all the show notes on when you can get access to Chris Hadnagy’s books and publications.

How to get in touch with Chris Hadnagy



Social Engineer Podcast


Social Engineer Blog

Books/Publications/ Videos:

This episode is sponsored by the CIO Scoreboard, a powerful tool that helps you communicate the status of your IT Security program visually in just a few minutes.

* Outro music provided by Ben’s Sound

About Bill Murphy
Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.