A Salesman's Guide to Social Engineering

Presented at Security B-Sides London 2012 by

"Social Engineering is currently one of the buzz terms within the hacking field. Like children with new toys, hackers everywhere, white hat, black hat and everything in between, are rushing to learn just what Social Engineering is and how they can add it to their arsenal. In this talk, I will take an entirely different approach to the Social Engineering talks you are used to and show how lessons can be learned from one of the oldest, most durable professions, that of the salesman. I will talk about the true master salesman, one who can quickly identify their customer's train of thought and what signals they will respond to in order to gain a sale, and show how many useful parallels there are between a good sales process and a Social Engineering attack/penetration test. I will briefly go through some models that have been taken from psychology and applied to sales, but I will use them to apply directly to Social Engineering. You will be surprised how well they fit and how little alteration is needed! I will show how everything from searching for information on buyers to handling objections to a sale can be used in an SE attack (Same process for researching a target? Objection handling for dealing with curious/vigilant security?). For those of you who are more comfortable behind a computer screen than in front of people, don't worry, I will show why the current line of thinking in information security that Social Engineering is limited to those with 'the gift' is wrong and show exactly how you can apply these techniques and why those who seem to be 'gifted talkers' fail almost every time. Once I have looked at the attack vectors, I will do the only right thing and show exactly how these very attacks can be better defended against.
I will present firstly why, as information security professionals, we should be scared of the fact so much Social Engineering skill is out there, then I will seek to present exactly how we can leverage this skill to not only benefit ourselves during penetration testing, but also to shore up our clients' defences against these very attacks. I will then show you how a process that is used every day by organisations, big and small, can be tweaked and applied to your organisation in order to protect you, your employees and, importantly, your customers and their data against Social Engineering attacks. By the end of this talk you will be left with plenty of food for thought from your time with a multi-award winning salesman turned ethical hacker. You will have categorised yourself according to one of my key people types and know what SE would be more effective against you. You will also be able to start looking for those same signals in others: your friends, your workmates, your targets? You will be armed with the process that I use in an SE attack and the tools to do some thinking and research to make your own similar process."