Ethics in Social Engineering - Destroying the Target is Not the Goal

Presented at Diana Initiative 2019, Aug. 10, 2019, 4 p.m. (60 minutes)

Ethics in penetration testing, and specifically in social engineering, is a topic that is rarely addressed and frequently left up to the individuals involved. What is the difference between morals, ethics, and culture? Why do those distinctions matter? This presentation discusses best practices and the potential adverse impacts of unethical behavior. Why should the Social Engineer care about the target, and why should the client care about the Social Engineer's ethical values and approach?

Presenters:

  • Kathleen Mullin - CISO at Healthmap Solutions
    Kathleen (Kate) Mullin, CISSP, MLSE, CCSFP. Kate Mullin is an influential information security practitioner with more than 30 years of experience in various accounting, audit, risk, governance, and information security roles. She has been a CISO at various organizations including publicly traded, private equity, not-for-profit, and governmental entities. Kate established the role of CISO at Tampa Airport and at Healthplan Services. Kate was the CISO for Adventist Health System and WageWorks and has a vast array of first-hand experience in various areas of information security, from social engineering to presenting to Boards. Kate has a BSBA with a concentration in Accounting from St Joseph’s College, Maine and an MBA from Florida Metropolitan University. Kate is now a vCISO providing services for colleges and universities, third party administrators (TPA), and financial and healthcare firms. Kate provides interim CISO, fractal CISO and vCISO services as well as DPO guidance. Throughout her career, Kate has volunteered and participated in maturing information security as a profession. Kate is a former member of the ISACA CGEIT Certification and Credentials Committee and a past chapter president and CISA, CISM, CRISC, and CGEIT coordinator for West Florida ISACA. Kate has been a part of the CISO Coalition governing board, participating in their teams such as the one created for the EU GDPR, and has moderated at several of their events. Kate is cited by publications as an expert in information security including governance, social engineering, and general security trends. Kate serves internationally as a featured speaker and panelist at webinars, seminars, and conferences, delivering presentations on diverse topics including Reducing Compliance Risk, Commonly Accepted Standards, IT Audit Becoming a Trusted Advisor, Social Engineering, CISO Organizational placement, Audit Logging and Log Management, and Information Security Incident Response.
    Kate was one of the panelists for six startups at the “Shark Tank” 2017 “Enterprise IT Security Demo Day” in San Francisco, hosted by Glynn Capital Management, DocuSign, Silicon Valley Bank, and Dropbox. She spoke at the COSAC and SABSA conference in Kildare, Ireland in 2018, as well as at DefCon 26 (https://www.youtube.com/watch?v=F1sbd7hFFy4) and Tampa BSIDES 2019, and is a regular presenter for AHIA and MISTI.
