I’ve decided to test the theory I wrote about the other day. I believe that companies are scared as hell when it comes to hiring security personnel. They have to rely on the fact that the people they hire to help protect their clients or themselves from being attacked by hackers/evil won’t turn against them and run away with their own corporate data.
I spent part of my day today talking to a local company and put the question to them frankly and openly. Their response was surprisingly genuine and straight. I have to be honest that I didn’t expect that, so I was pleasantly surprised. They indeed confirmed that they had to think about the fact that someone who was applying for a job in the role of a database consultant also has a hacker’s mindset. It was indeed the hacker’s mindset that caused the awareness that everything they said could be potentially useful for an attack.
Obviously I have no consent (or intent, ethical as I am…) from management to social engineer and/or to conduct an audit against their organisation, so there is no use for me to proceed in any way or form at this stage. However, I do have the feeling that I left them with serious food for thought when it comes to information security and the role of social engineering.
I think that a “to be continued” is in order for this one. We will see what happens next.