Baked Not Fired: Performing An Unauthorized Phishing Awareness Exercise.


Presented at ShmooCon 2008 by Syn Phishus

This talk will illustrate how to perform an unauthorized internal phishing exercise within a large corporation, without getting fired, in order to raise security awareness and demonstrate why processes need to change. The phishing attack was deliberately orchestrated so that incident response could quickly identify the author and so that it would support the forensic investigation that followed. Phishing is easy; this is how to stand up and rock the boat hard while remaining on board.

Bio: Syn Phishus, former punk, is a security professional whose past employer was too embarrassed to learn from its mistakes. He respects authority but asks many questions so that he can learn. Sometimes this gets him branded a maverick and laid off, but it hasn't gotten him fired (yet). Syn Phishus is a Certified Internal Secret Phishing Professional (CISPP), which is not an (ISC)² trademark. His alter ego has presented at MISTI and other security conferences.