“Threats are normal things, weaponised to not be. So I make normal make sense, because then threats do, too”

— James Linton, Social Engineer

My Social Engineering & Phishing Awareness Talk.

Why not join Hitachi, Siemens, Johnson Controls, Tide, and others, who have trusted me to tell the phishing stories that matter?

Talk title: ‘I hacked the White House! - Here’s how I’ll hack you’

Get a feel for the talk with this 25 second blast through!

“Thank you so much for the amazing session!

It was indeed fascinating and mindblowing, I can already tell our audience loved it!”

— Hitachi

Real stories of social engineering, phishing, and email risks

My 1 hour ‘I hacked the White House! - Here’s how I’ll hack you’ talk puts storytelling front and centre. And it’s not just old war stories, it’s the stories of what really creates risk for us all. Stories of trust, biases, timing, even clicking!

Talk Agenda

  • Set the scene, I knew nothing about ‘cyber’
    To begin we look at my first baby steps into social engineering - despite having never heard of it! Could I trick colleagues into thinking I was our CEO? It turned out I could… but it also gave me more than a few heart stopping moments.

  • Playing with the deception puzzle
    We then look at some prankster case studies: Tricking Wall Street bank CEOs, and the Head of Homeland Security. The intent is to look at how I crafted the all-important first messages. How did I use open source research to write emails that *seemed* hyper-personalised? How did I decide who to be? We look at that in detail in this section.

  • Socially engineering cyber criminals
    With the pranks behind me, I went to work for a Silicon Valley email security company. Now I was socially engineering cyber criminals who were attacking businesses. So in this part we look at how criminals used the tactics I had, but for criminal gain.

  • Why I care, even about giving scammers a click
    Now for the real story of what lies behind the ‘phish’ in your inbox. The cyber criminal at the centre of this story made a fatal error - he tried phishing an email security company. So we turned the tables, and dug into his entire criminal enterprise - and it made for tough viewing. But there’s a happy ending, and it wasn’t long before the Secret Service were on his tail, using the intelligence we gathered as a road map.

  • How I (if I was a criminal) would hack you
    Finally we enter the 'Here’s how I’m going to hack you in the audience!' segment. What is it I have in my toolkit that makes me able to zero in on you? How much do I need to know about you to carry out an attack? And why would I target you if I was a cyber criminal? This section isn’t a typical hacker’s POV, it’s a unique journey into the ingredients that make email risks for us all.

Beyond just phishing

Biases help us understand the online world, but they can be exploited. To bring the story of biases to life I leave the world of email, and look at a time I was faced with a challenge.

How could I hack into a cyber criminal’s Zoom meeting?

And the solution was shockingly simple…

Read my LinkedIn post about it

Any audience

Over the years I’ve presented to CISOs, customers, employees, and peers, at a wide range of events, in a variety of countries. So I’m experienced at understanding the audience, and how to craft a talk that will work the hardest, for everyone.


Let’s chat

If you’d like to learn more, drop me an email at: james@thewhole.io, it would be my pleasure to jump on a call and answer any questions you might have :)

“Everyone stayed on for the full hour! You’re a talented speaker!”

— Siemens

Read more about my past as the email prankster, and an Email Threat Researcher below…

Personal Project: Gamified Phishing Simulation

BattlePhish™
Phishing Sims: Gamified.

Split your Org into 2 teams. Each team then votes on which phish to send the other.

Now an employee is studying phishing threats… deciding which would be most likely to trick them! It also brings transparency to the world of phishing sims; if you’ve had a go, you might not mind ‘normal’ simulations so much.

Developing it into a valuable learning experience has been a challenge. But it’s such a fun project to work on, and feedback so far has been extremely positive.

MY OTHER PROJECTS

Below are other Security Awareness projects I’m working on…

My Awareness Videos

I’ve explored different parts of the ‘awareness’ content world over the last few years. You can check out my video series here.

Personal Project: Ask&Do™ Risk Model

Ask&Do™ Model

There’s been some changes! Role & process email risk discovery coming soon.

In 2019 I began studying the relationships of email, looking for something to simplify it - to make it more modular and comparable - regardless of whether it was malicious or not.

‘Email enables us to Ask, and to Do’ was what I ultimately felt best captured the transactional relationship email enables.

It featured in my first series of awareness videos in 2020, and since then has evolved to become a much wider framework for locating, and comparing, social engineering and business process risk points across mediums; it isn’t just restricted to email.

My Blog