When people hear that I get to write phishing emails and make vishing calls for a living, the first question they generally ask is, “How did you get into that field?” For some, the next question is, “How do I get into that field?” If you’re part of the latter group, this newsletter is for you. Let’s explore the tips and tricks to getting into the trade. Hopefully, this perspective will help you start or continue your journey to becoming a Human Risk Analyst.

Becoming a Human Risk Analyst

Start Building Your Industry Knowledge

First and foremost, you must begin by building your industry knowledge. There are many free resources you can use to get started. The first thing I like to point people to is the social engineering framework created by Christopher Hadnagy. This framework outlines the ethical guidelines for using social engineering as a professional. This is very important because as an aspiring professional, you want to ensure that you are applying the things you will learn in ethical ways. We want to leave people better for having met us, and more secure for it as well.

Another great and free resource is podcasts. Many industry podcasts can help you build the right kind of knowledge. Two that I recommend are Darknet Diaries and The Human Element series. Both podcasts give insight into the industry and can help you get a feel for the community. I have linked two specific podcast episodes below that deal with exactly what we are discussing today. Hopefully you find them useful!

Training to be a social engineer

The SE Framework

Finally, read up! Reading industry books will help you learn from the experts. Check out this book list to help you find what you’re looking for!

Get Outside of Your Comfort Zone

Additionally, you need to be willing to try new things and step outside of your comfort zone. Most of us, MOST of us, don’t spend our days hopping barbed wire fences, using aliases when calling people, and trying to get clients to click on suspicious links. These things should be new to you. Because of this, we need to be willing to try things that could be uncomfortable at first.

I’ll tell you a secret… When I started at Social-Engineer, LLC, I HATED being on the phone. I knew that if I was hired, a large portion of my job would be making vishing phone calls. I decided to see if I could overcome my discomfort, though, and give it a shot. I was able to adapt, and today I even enjoy many of my vishing conversations. This is good, because I’ve had thousands of them! The point? Sometimes we need to get used to being uncomfortable.

Courses and Certifications

A common question I get from those looking to enter the industry is, “What courses and certifications should I take/obtain?” Since we’ve established you will be trying new things and learning new skills, it makes sense that you would want a course that is going to expose you to some of those things. The courses that I took and the ones I recommend are those offered through Social-Engineer, LLC. Without giving too much away, these various courses apply social engineering to real work-related scenarios and help you practice the various skills needed to be a Human Risk Analyst. My personal favorite class, the Foundational Application of Social Engineering (FASE) class, focuses on the aspects of human decision making, and why it is important to understand these mechanisms.

As far as certifications go, there are a million to choose from. There is only one, though, that certifies you to become a professional social engineer. That is the Certified Ethical Social Engineer (CESE) course, provided through Social-Engineer, LLC. The recommended way to access this certification test is by taking one or both of our two classes, FASE or the Practical Application of Social Engineering (PASE). After completing at least one of these classes, you will get a free attempt to test for the certification, or you can pay to take the test directly if you feel you have the skills to pass already. This one-of-a-kind certification will ensure that you have the necessary skills for becoming a Human Risk Analyst.

Networking

The last key to getting into the industry that we will discuss today is to surround yourself with the right people. This may sound easier said than done, but it is worth the effort. I recommend attending as many industry conferences as you can and networking with people in person. There is no better way to make the right connections. Social media sites such as LinkedIn can help you in your efforts as well. Search for those whose ethics align with yours and who will build you up and help you reach your goals.

Becoming a Human Risk Analyst

When all is said and done, there is no one right way to go about becoming a Human Risk Analyst. On my team alone, we have people from all different backgrounds. No two of us got into the industry in the same way. Hopefully, though, the tips in this article can assist you in getting started or continuing on your path. Remember to get out of your comfort zone, take applicable courses, and network within the industry. If you do these things, you’ll be on the right track to becoming a Human Risk Analyst.

Written by:
Shelby Dacko
Human Risk Analyst at Social-Engineer, LLC