Dr. Erdal Ozkaya
Search
  • Home
  • About Me
  • Home
  • About Me
  • Home
  • Cybersecurity, Reviews, Book Reviews, Erdal in the news, Awards, My Books
  • Cybersecurity Canon Candidate Book Review: Learn Social Engineering

Cybersecurity Canon Candidate Book Review: Learn Social Engineering

Cybersecurity Canon Candidate Book Review
Erdal2021-10-02T22:13:43-04:00

Cybersecurity Canon Candidate

Executive Summary

Learn Social Engineering: Learn the art of human hacking with an internationally renowned expert will equip you with a holistic understanding of social engineering. It will help you  avoid and combat social engineering attacks by giving you a detailed insight into how a social engineer operates. The book covers topics ranging from baiting, phishing, and spear phishing, to pretexting and scareware.

Review

Learn Social Engineering starts with a comprehensive explanation of the concept of social engineering, which isn’t a topic that is discussed enough in the cybersecurity community. We frequently discuss phishing attacks but often avoid mentioning non-technical methods used to gain information to successfully execute a spear phishing attack. After several chapters discussing the motives behind and psychology of social engineering, the book moves to recon methods, targeting, and pretexting. I found these chapters exceptional. The entire book is well-written and well-researched, but the ability to distill difficult concepts in a manner that even a non-technical individual can comprehend is a skill. It’s easy to make things hard and hard to make things easy, is the conventional wisdom.

After the baseline of the first chapters, we move into the actual technology and tooling for social engineering, using screen shots, known attacks, and concrete examples of the tools in action. The author discusses emails, social media, phone calls, texts, etc., as means of gathering information to launch a successful social engineering attack. He does a good job describing the tooling and its use without opining about the quality of the various methods.

It is a very non-biased and academic approach, which I found refreshing. The final chapters in this book, however, are the most impactful. Having established the psychological baseline and defined social engineering and the attack methods, the author rounds out the content with expert opinions. Opinions by experts like Troy Hunt lend tremendous credibility to the topic. Because the author is based in Dubai, there is not a tendency to only have a U.S.-centric view, giving the book broader appeal. He finishes with needed reference material and source information.

This book should be required reading for current cybersecurity professionals and anyone exploring a career in cybersecurity. The ability to craft the story for comprehension at all career phases is consistent throughout the book. In addition, the author is thoughtful in his coverage of the wide range of topics needed to adequately discuss social engineering. He makes certain to address the technical and non-technical aspects, as well as motives and victim impact.

As an industry, we spend a tremendous amount of time discussing technology to defend attacks. We spend not enough time openly discussing the motives and non-technical methods of attackers and the actual cybercrime industry. We have a bias toward STEM graduates that needs to be challenged. I find that some of my most capable incident response folks are not STEM graduates; rather, they have a background in law enforcement, military or the intelligence community. We need to understand that cybersecurity is truly cybercrime and be able to construct a team of defenders that not only understands security tools and technologies but can actually lead an investigation from start to finish. This book is a key part of that learning.

Conclusion

Erdal is a colleague of mine and asked me to read this book. I did so, at first, out of a sense of duty. By the second chapter, I was grateful to HIM for making the request. It is one of the better books I have read on the subject because of the ease of understanding and the depth of content. I tend to read a lot of cybersecurity books that you simply cannot comprehend without many years of experience in the industry, specific tooling or knowledge as a security researcher.

There is a place in the industry for books that give readers an understanding of attacks through tangible example, but also an understanding of the motives of the attackers. This book covers both. I would place Learn Social Engineering in my “Top 5” list of books I have read this year — and yes, I’m a voracious reader. I would highly encourage everyone to read it. It is an easy read, and despite your experience, you will learn something.

About Ann Johnson

Corporate Vice President of the CSG

Ann Johnson leads the Cybersecurity Solutions Group within Microsoft , in their mission is to accelerate customers’ digital transformation with trusted solutions and expertise to build the secure modern enterprise.

Before joining Microsoft, Ann was CEO at Boundless, an open source geospatial software and services provider. Prior to Boundless, Ann was with Qualys, Inc., as president and chief operating officer, a provider of cloud security and compliance solutions that enable organizations to identify security risks to their information technology infrastructures, help protect their information technology systems and applications from cyber-attacks and achieve compliance with internal policies and external regulations.

Prior to Qualys, Ann was vice president of World Wide Sales/IPV and Global Accounts at RSA Security LLC, a subsidiary of EMC Corporation which provides solutions to protect customer online identities and digital assets.

Ann is a recognized cybersecurity industry leader with a proven track record for building and leading high-performing global enterprise software operations. Ann has a background in cybersecurity, infrastructure and storage and is a frequent speaker on topics of online banking fraud, information security, healthcare security, mobile security, privacy and compliance.

Ann is a graduate of Weber State University in Utah where she completed a dual major in political science and communications. Ann is passionate about horseback riding, skiing and any water-related activity as well as cooking and organic gardening.

https://www.paloaltonetworks.com/blog/2018/10/cybersecurity-canon-candidate-book-review-learn-social-engineering/

Improve information security by Learn Social Engineering.

Key Features

Table of Contents

  • Key Features
  • Book Description
  • What you will learn
  • Who this book is for
  • Table of Contents
  • Learn to implement information security using social engineering
  • Get hands-on experience of using different tools such as Kali Linux, the Social Engineering toolkit and so on
  • Practical approach towards learning social engineering, for IT security

Book Description

This book will provide you with a holistic understanding of social engineering. It will help you to avoid and combat social engineering attacks by giving you a detailed insight into how a social engineer operates.

Learn Social Engineering starts by giving you a grounding in the different types of social engineering attacks,and the damages they cause. It then sets up the lab environment to use different toolS and then perform social engineering steps such as information gathering. The book covers topics from baiting, phishing, and spear phishing, to pretexting and scareware.

By the end of the book, you will be in a position to protect yourself and

your systems from social engineering threats and attacks.

All in all, the book covers social engineering from A to Z , along with excerpts from many world wide known security experts.

What you will learn

  • Learn to implement information security using social engineering
  • Learn social engineering for IT security
  • Understand the role of social media in social engineering
  • Get acquainted with Practical Human hacking skills
  • Learn to think like a social engineer
  • Learn to beat a social engineer

Who this book is for

This book targets security professionals, security analysts, penetration testers, or any stakeholder working with information security who wants to learn how to use social engineering techniques. Prior knowledge of Kali Linux is an added advantage

Table of Contents

  1. Introduction to social engineering
  2. The psychology of social engineering (mind tricks used)
  3. Fundamentals of influence and persuasion
  4. Information gathering
  5. Targetting and Recon
  6. Elicitation
  7. Pretexting
  8. The tools used in social engineering
  9. Prevention and mitigation
  10. Case studies of social engineering
  11. Ask the Experts- Part 1
  12. Ask the Experts – Part 2
  13. Ask the Experts – Part 3
  14. Ask the Experts- Part 4

You can order the book from Amazon via this link , or any other book retailer of your choice

Order Via Amazon:Order From Amazon

Order Via Packt Publishing :Order From Pakct

Order Via Amazon AU

Order Via World of Books  World of Books

Order Via Angus & Robertson Angus & R

Dymocks Order From Dymocks

To learn about my other books :

https://www.erdalozkaya.com/about-erdal-ozkaya/my-books/

https://www.paloaltonetworks.com/

Cybersec Connon LSE review
https://www.erdalozkaya.com/new-book-learn-social-engineering/
More about my books :
https://www.erdalozkaya.com/about-erdal-ozkaya/my-books/

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *


Related Posts

Hacking Trends for 2023

Hacking Trends for 2023 – Free Webinar by EC Council

Hacking Trends for 2023 EC Council will host an online seminar which will be delivered by me on December 21, feel... read more
Binalyze

Real time enterprise forensics platform : Great News €8.7 million …

Real time enterprise forensics platform For the ones they don't know ; I am part of the Board of Advisors team... read more
Tag Heuer Connected Calibre E4 Review

Tag Heuer Connected Calibre E4 Review – Honest Guide

Tag Heuer Connected Calibre E4 Review Here is the honest review of the brand-new Tag Heuer Connected Edition 4 comprehensive review.... read more

Effective cybersecurity strategies -Learn 4 Free

Effective cybersecurity strategies With cybercrime on the rise, companies have started adopting the hard ways of preventing system breaches. Cybersecurity has... read more

Get Uni Certificate for free – Hilarious 0pportunity

Get Uni Certificate for free Would you like to get a Certificate of Achievement from @Charles Sturt University, like below? Then... read more
Best speaker Erdal ozkaya

Speaker of the year by Microsoft 2008

Speaker of the year award by Microsoft Australia  I feel great honor for receiving this important recognition award that is' best speaker of the... read more
UAE CISOs Gather to Gain Insights on Latest Cyber-Security Trends

UAE CISOs Gather to Gain Insights on Latest Cyber-Security Trends From Renowned Industry Experts

CISOs Gather to Gain Insights on Latest Cyber-Security Trends As part of its ongoing efforts to empower organisations with intelligent cyber... read more

Board Member in Australian Institute of ICT -2019

Serving as Board Member in Australian Institute of ICT I have been invited to be part of the CyberSecurity Advisory board... read more
Hackers

Hackers steal 19 years worth of data from the Australian National University

Hackers steal 19 years worth of data News from ESET We Live Security A premier Australian university has disclosed a... read more
How to learn cyber security here are the necessary basics

How to learn cybersecurity, Great Tips from Italy

How to learn cybersecurity, Great Tips from Italy My books are getting recommended by teh popular Italian Security Web site thanks... read more

Categories

  • About Dr Erdal Ozkaya (298)
    • Awards (96)
    • Erdal in the news (118)
    • Feedback (90)
    • My Books (54)
    • Who is Dr Erdal Ozkaya ? (2)
  • Announcemets (302)
  • Artificial Intelligence AI (11)
  • Certification (52)
  • Cloud Computing (72)
  • Cybersecurity (322)
  • Cybersecurity Leadership (52)
  • Financial Sector (31)
  • Forensics (17)
  • Free Events (156)
  • General (133)
  • How to …? (63)
  • ISO 2700x (12)
  • News (38)
  • Reviews (77)
    • Book Reviews (33)
    • Free E-Books (13)
    • Hardware Review (9)
    • Security Review / Reports (10)
    • Software Review (8)
  • Video Tutorials (101)
  • What is new? (27)
  • Windows (30)

Recent Comments

  • Erdal on Free EDR Certification Training
  • SANDEEP SHRIVASTAV on Free EDR Certification Training
  • Alicia Harlow on Core isolation Memory Integrity not available – (Get it fixed)
  • Alicia Harlow on Core isolation Memory Integrity not available – (Get it fixed)
  • Erdal on Siber Güvenlik Saldiri ve Savunma Stratejileri – NEW B00K

Archives

Dr. Erdal Ozkaya © Copyright 2023. All Rights Reserved.