In this episode, Jenny Radcliffe, aka “The People Hacker,” discusses her expertise as an ethical social engineer, honing those skills at an early age on the streets of Liverpool, and unique challenges she has faced over the years. Joining ACFE Community Manager Rihonna Scoggins during Women’s History Month, Jenny explains how being a woman in her field and gender biases she has observed played a significant role in understanding the “human element” behind social engineering. Her new book “People Hacker: Confessions of a Burglar for Hire” is available now in the U.K.
In the excerpt below from episode 130, Jenny talks with Rihonna about how she conducts her work as a “people hacker”. Download the full transcription PDF form or listen to the episode at the bottom of this post.
Rihonna Scoggins: I’m really looking forward to our conversation today. Your experience is really interesting, to say the least. Now you’re at this point where you’ve spoken at many events, and for different companies, and some of our own members may even recognize your voice from our anti-fraud leadership summit that we had last year. Can you tell us a bit about your unconventional experience that led you to where you are now, giving talks, authoring books, and helping companies?
Jenny Radcliffe: Sure. Within the security industry, social engineering is not such an unusual job. Although a lot of the time people will do the same job to me use technology. Social engineering is all about hacking a company at their request. At least when you do it actively like I do, at their request. It’s a cross between a fire drill and Oceans 11, but we’re not that good-looking.
We put together a team, I put together a team, sometimes I work on my own, in order to test the human side of a business’ security. That would be everything from whether people follow the rules, or whether we let people tailgate through gates and reception, whether we give our details away or information away through phishing e-mail or phone calls.
Also, what I do that’s not as well known is we actually break into buildings. We actually do our best to bypass security, to get into a site, and work our way around that site to find out, sometimes we have a target from the client but sometimes it’s just generally, are there any things that I might see that I think could be a security risk. Then it’s an education piece, we report back to the client, and we help them fix those issues so that the real criminals can’t do it for real.
I guess this is a job that I’ve done in the open for maybe 15 years, but all my life really, and that’s because nobody really spoke about this until cyber became a thing and the internet became a thing, and you realize that there was more people than just me who did this.