Book Review: Social Engineering

Social Engineering: The Science of Human Hacking. By Christopher Hadnagy. Wiley; wiley.com; 320 pages; $35.​

Social engineering is the most effective hacking method ever. It’s also the oldest. Long before computers existed, con artists were swindling people out of money, jewel thieves were fooling guards, and silver-tongued devils were swaying people’s opinions in one-on-one conversations. Now in the digital age, phone scams (vishing) and email scams (phishing) are prevalent, effective, and cheap to conduct. These techniques are used by malicious actors including state-sponsored hacker groups, pedophiles, terrorist organizations, and cyber criminals.

“Social engineering takes the way humans are wired to make decisions and exploits the vulnerabilities in those processes,” writes author Christopher Hadnagy. He breaks down the tools, techniques, and process of social engineering attacks from the offensive professional perspective in the second edition of his book Social Engineering: The Science of Human Hacking. Hadnagy explains the physical, psychological, and social aspects of these attacks with scientific references and includes mitigation techniques for each. He keeps the information interesting with excerpts from his real-world encounters on the job and with students. He makes practical recommendations on improving security posture through policy and training.

This book is bread and butter for any aspiring penetration tester or cybersecurity student. It’s also a defensive playbook for security guards, customer service agents, office managers, and anyone who has access to sensitive data.

Reviewer: Joshua Montalvo, CISSP, GCIA (Certified Intrusion Analyst), GCIH (Certified Incident Handler), CEH (Certified Ethical Hacker), is a 16-year veteran of the U.S. Army Signal Corps. His professional experience includes cybersecurity analysis, security engineering, and security program management. In the real world, you can find him training for his next marathon, triathlon, or obstacle race.