Helping the Human Element: Educating in Social Engineering

Cybersecurity professionals seek to stop hackers and other malicious parties from gaining access to their systems by shoring up all possible gaps in their technology, but often overlook the weakest point in their system: the human element. Because people are often one of the first things a malicious party will attempt to manipulate during an intrusion, Social Engineering must be protected against alongside other forms of exploitation, in order to best protect information. However, much of the industry information regarding Social Engineering are anecdotal, making it difficult to teach industry professionals proper defense mechanisms and policies. If the cybersecurity industry is going to protect against Social Engineering attacks, proper in-depth education on the subject needs to be available to those within the field. In this paper, the writers explore and discuss the field of cybersecurity known as social engineering. After a review of the field as it currently stands, the writers will outline a graduatelevel curriculum for social engineering education, which can be used to teach aspiring offensive cybersecurity analysts the best methods to test the security of an organization’s human element, as well as teach aspiring security professionals about best practices and policies that they can use to protect the resources they are responsible for.