Radcliffe got involved in the sector when she was approached to do some penetration testing by a private security firm who needed a social engineer to talk their way into a bank.
"They knew I did similar work independently, and asked for my help with the human element of a large contract they had with their client. I was known as a negotiation consultant and public speaker as well, and spoke at a couple of conferences on the human element of security and how it tied in to the technical side.
"Then the infosec industry really engaged with the topic and I was asked to speak and consult on people hacking and social engineering with increasing regularity."
"I specialised in influence and persuasion topics, as well as negotiation training, lie-detection and non-verbal communications. I'd always been a social engineer since I was very small and the skills I taught and consulted on professionally helped me be a good pen-tester and security consultant as well. A few years ago I 'came out' and started talking about social engineering and teaching related topics."
Speaking of how she decided to become involved with IT security, Radcliffe says she was working with traditional security firms on social engineering projects and advising crisis negotiators and others on various topics.
"I was speaking at security conferences and got the attention of some of the larger IT events. I was pleasantly surprised at how much the so-called 'techies' embraced the human side of security and have continued to show interest and intelligence in the area ever since."
Radcliffe believes she has the best job in the world. "Helping to stop con-men and criminals get past people and into organisations is very rewarding. I do more consultancy and training than actually getting into buildings these days, but I love every part of the job. It's nice to see the penny drop in people's minds when they see that they can be fooled into revealing information about their firms and their private life by a determined trickster, but even better to show them that they are not powerless against these people. Giving staff tools to help protect themselves and their families is a great feeling."
On the other side of the coin, she cites the biggest frustration of her job as being the continued stubbornness of some firms who just refuse to acknowledge that they are vulnerable to these risks.
She says it is especially annoying when senior people refuse to acknowledge the problem, and spend a fortune on technical security, firewalls and the like, but are happy to let their people go unwarned about the serious and direct threat of social engineering. "Awareness training in this topic is just like insurance, until you need it you don't realise that it's essential."
In terms of what stands out in her security career, she says she spoke at a major conference in London for the first time about social engineering and how she didn't care about technology because she just "hacked people" instead.
"It was an outgoing and flamboyant performance and very different to the rest of the speaker agenda that day. After that one talk, my name was out there and I've been in demand on the topic ever since."
Looking back on what she might have done differently, Radcliffe says she has made a few unwise business decisions and missed out on a few opportunities, trusted the wrong people and been too honest at times with those looking to share the rewards of being successful, but not the hard work that goes behind it.
"I think though that is a pretty common business story, especially for an independent, and to be honest a person's character always shows through. I have found out later that those people who are insincere, greedy or dishonest are known to be so by everyone else, so tend not to go far anyway! Talent and hard work pay off in the end, greed and dishonesty tend to be a person's downfall."