Attend Wild West Hackin' Fest (WWHF) in Deadwood, In-Person and Virtual!
[ Ссылка ]
In a follow-up to the talk Ethical Phisheries we will discuss what can be done with data collected during an ethical phishing campaign. Ethical phishing campaigns attempt to remove fear, uncertainty, and doubt (FUD) from phishing exercise lures. FUD often leads to bad outcomes in phishing exercises including a distrust of security teams by the people they are trying to protect. In an ethical phishing exercise the goal is testing email controls, not necessarily people. What rules can be created or improved? How do you make other teams at your company into security champions? Phishing emails delivered, opened, and links clicked are where many phishing exercises begin and end. To gain real value from a phishing operation we need to look at more than if a target was “caught”, but instead look at “how did the bait get there in the first place?” This talk will look at common phishing emails that cause issues, how to build better phishing pretexts, and how to incorporate what you learn from your ethical phishing exercise into a sustainable phishing program that continuously protects your organization.
Ean Meyer is an Associate Director of Security Assurance for a multi-billion-dollar global resort company. When not working with large enterprises he can be found at Full Sail University teaching the next generation about information security and risk management as a Course Director in the IT and Cybersecurity programs. He is also the President of BSides Orlando and mentoring co-lead for The Diana Initiative.
Ean has spoken at BSides Orlando, BSides Tampa, and InfoSec World. He has been a panelist at ISC2 Congress, Department of Homeland Security – Corporate Security Symposium, and the upcoming Synapse Summit 2021. He also runs workshops such as Advanced Cubicles & Compromises, which is a tabletop incident response workshop for Wild West Hackin’ Fest. In 2019 Ean competed in the Social Engineering Capture The Flag at Defcon 27 where he took 5th place.
Ean holds a CISSP, EC-Council – CEH, and an MS in Cybersecurity and Information Assurance
You can find him at [ Ссылка ] – Twitter @eanmeyer – LinkedIn @eanmeyer
