That is the exact opposite of his point.

quiz nos what did he teach?

@@sketchyAnalogies one of my ECE classes. Also said "in electrics you do wrong, things go boom, everyone dies" He was very strict about pass fail, no partial credit AT ALL. "Grades like my class. Digital."

quiz nos holy moly. I’m actually a EE student. I’m really interested in infosec and physical security as a hobby and a cool thing to understand, but my real passion is with EE. My goal is to design control systems for Walt Disney Imagineering, it perhaps another company.

Brilliant

Same 👍

You can't fix stupidity. Apathy is also hard to fix. Both are the roots of social engineering.

@Duncan Murphy I literally stopped my 74 year old mother from getting scammed just 3 days ago when I overheard her talking on the phone and saying, quite timidly, "Ok, I'll have to grab my laptop from the other room…". Everything I've said to her, over years and years, just went out the window. "Mom, he wasn't from MasterCard because they won't make you login to your computer and web banking, remember?" "Well, he sounded pretty serious." Aargh!😖 Couldn't keep him on the line long enough to get a VPC trap ready for him, unfortunately.😔

To be fair, there are always new people. By definition, it's an endless battle and this kind of talk is always going to be necessary. People don't learn stuff from nowhere. That said, the thing with your mom is pretty bad.

Its frustrating, but I think Jayson made a good point with gameification and personalizing the lessons. If an employee knows to click the boxes on the survey every year that you send out, but only apply that to a survey, and they're clicking on links in emails, we're the ones failing the employees by not educating them, not the employees failure to not inherently know all of the tricks the bad actors use. The military drills its soldiers so they will act on instinct, sports teams drill their players to act on instinct. We need to drill our employees so they too will act on instinct. And yes those first few drills will make you want to drive your hand through your forehead with the amount of facepalming you do. You will lose faith in all of humanity with that first group of drills. But you keep drilling, you keep reeducating, you keep teaching. Put out the game, give them a little reward, and you start seeing that instinctual behaviour. Jayson gave a talk about bank employees once. He said that if someone came into a bank in a black ski mask and an uzi, everyone would know what to do. There's that instinct. They know what to do in specific circumstances. The instinct is already there. Its our job to educate, to drill, to hone that instinct to the point where they dont have to think anymore. They act. And they act correctly. And then dont stop drilling once you get the behaviour that you want. You keep drilling, keep honing the instinct so that if something bad does come down the pipe, your users are a part of your security team.

​@@burningisisconsidering how little shit's people seem to give and how much people seem to give about random small thing's, chances are that this wont happen my friend. Your points valid and does provide some solution with examples, but companies implementing these things is not looking likely to happen

He sounds extra pissed tho

Oh I like that Baby. I put on my robe and wizard hat.

@@asperbergers7136 based

Cocaine is nature's pep talk.

Epik

Actually, usually "Pepsi Max'd" when it comes to Jayson 😝

he meant ":)"

What is the way to raspy, and why would you go there?

LOL it's kinda sick

@@slappy8941 wow you're so smart for recognizing a grammar mistake. I bet you try your best every day to make everyone else think you're smarter than you are

@@9393jack it was pretty funny

He needs more diet coke

Most places have a number of strikes, at least. But if you can't detect a phishing link, whether from inside the company or out (and the real ones may be internal, too), you're a liability to the business.

I think you missed the point with his talk with like a mile or so. Maybe watch it again and actually listen.

Well they would never have become computer nerds if they had learned social skills.

And they never point out the one thing that actually makes them successful: not having the fear of getting caught. Anyone can play off some goofy scheme to hack you if there's no fear. Go in to a place for REAL and try this stupid shit, where if you get caught, you're going to jail. I guarantee you won't just be hangin out in the breakroom, calmly drinkin' a glass of water.

@@forge20 did you really listen? A massive majority of his talk was directed at insider threats (intentional and not), testing your security products to make sure your solutions work as intended and more. Yeah he hits on social engineering. But the point is if someone like him can skip on through, anyone with half a brain and some decent social skills will own companies. If what he is giving is useless information, why is it these basics are ignored at many companies and year after year you hear about breaches or stupid shit like plain text passwords, unpatched systems, or dumb employees opening shifty emails. This needs to be drilled into everyone heads and it's why he and others harp over it over and over and talk about why they own people's shit. Because it's litterally child's play if youre more than halfway motivated and with a bit of skill.

Dude, he addresses this very issue in this talk kzfaq.info/get/bejne/opd_eauQrZ60moU.html Jayson is awesome, and I've had the pleasure of meeting him a few times too 👍

Jayson would have almost 100% been able to break in to your company. This was one small example of thousands, and you are WAY over-generalising by saying "these 'hacks'".