Jenny is a world-renowned Social Engineer, hired to bypass security systems through a no-tech mixture of psychology, con-artistry, cunning and guile.
She will be the keynote speaker at The Norfolk Cyber Conference on 8 December at The Space in Norwich. Ahead of the event, we thought we’d get to know Jenny a little better.
What did you want to be when you were younger?
I was always interested in writing and studied music journalism alongside my first degree. I was also interested in law and the legal profession, but was discouraged from applying to convert my degree to law by a careers advisor who told me I should try and become a librarian! I felt I could always go back to law if I still wanted to do it when I was older and I don’t think I would have been suited to librarianship at all!
There was no real career path for security work outside of the police or military back then, at least not that I could see, so I never really thought about doing what I do now as a career until much later on in life. I’d always done the work, but it wasn’t something I felt able to talk about publicly as it wasn’t a very well-known profession and still isn’t outside of the security industry.
How did you get into cyber security?
My work was always part of the security industry but I never thought that the cyber side of things would have any interest in psychology or physical security. I couldn’t have been more wrong, as it was cyber security professionals and firms that first encouraged me to talk publicly about the link between human nature and security breaches, something I had been working on all my life.
I was asked to speak at a cyber conference in London and honestly didn’t think anyone there would be interested in what I did as it involved very little, if any, technology. However, the audience was really interested in my topic and recognised the link between security and people was key to staying safe. The cyber crowd also knew about what I did and even gave it a title – social engineering. It was the encouragement and enthusiasm to learn more about my work from the cyber security industry that led to me become more public about what I did and start to keynote at events, write and podcast about my job.
Who’s someone in your profession you really admire?
I admire lots of people in the industry, but the one thing they have in common is a genuine need to help people be safer and more secure, rather than pursuing followers or attention. They tend to be genuine experts in their field rather than generalists who switch from topic to topic as the latest threats and trends develop.
What is the biggest misconception about your work?
The biggest misconception is that social engineering is easy. Sometimes a simple method of entry works but to do the job properly requires research and planning far beyond what many people think is necessary or are willing to do. Everyone has blagged an upgrade or sneaked past a queue at some point, but to do the job professionally is a different story and requires skill, patience and discipline.
I sometimes see social engineering pop up on someone’s online bio and it makes me smile because these days it has become a cool thing to say even though you may never have really done the job! Whereas I wouldn’t even admit to doing it for years in case people thought I was an actual criminal, which sometimes they still do!
What makes your job exciting?
I mean I’m a burglar for hire. No job is ever dull!
What’s the biggest change in cyber security that you’ve seen in the last year?
The biggest change is that people outside of the industry are increasingly aware of the role cyber security plays in global events. From the war in Ukraine to attacks on critical national infrastructure, cyber breaches are increasingly part of everyday life with potentially far-reaching consequences for all of us.
The last few years have been turbulent in so many ways and the general public understand more clearly than ever before how cyber issues affect us all both as individuals and on a global scale. It’s our job as industry professionals to try and help them navigate this new reality safely and securely.
A big thanks to Jenny for answering our questions. And if you’d like to come and hear from Jenny live in Norwich, book your tickets for The Norfolk Cyber Conference now!