Episode Details:

In the first episode of the Hack Responsibly podcast, host and NetSPI VP of Research Karl Fosaaen talked with Patrick Sayler about dissecting the evolving landscape of social engineering. This discussion moves beyond simple phishing definitions to explore the sophisticated tactics threat actors use to bypass advanced security controls, from multi-factor authentication (MFA) fatigue to AI-driven deception.

A single human error can compromise even the most robust technical infrastructure. For executives and security leaders, understanding the psychology behind these breaches is critical to protecting organizational assets. 

This episode offers high-level insights into how social engineering impacts your risk posture and what proactive measures you can take to align your security initiatives with business continuity goals. 

Key Insights 

  • Evolving social engineering tactics present persistent business risks. 
  • Adversaries leverage AI to scale attacks and make them more convincing. 
  • Practical principles for strengthening human defenses and aligning security programs with strategic objectives. 

Real-World War Stories 

In this episode, Patrick shares many stories from his nearly decade-long tenure at NetSPI. One highlight includes a “war story” involving a CFO, demonstrating that even high-level executives are targets. These narratives provide a clear look at the creativity of adversaries and underscore the necessity of a holistic, programmatic approach to security that includes the human element. 

About the Speakers 

Host: Karl Fosaaen | VP, Research 

As VP of Research, Karl is part of a team developing new services and product offerings at NetSPI. Karl previously oversaw the Cloud Penetration Testing service lines at NetSPI and is one of the founding members of NetSPI’s Portland, OR team. Karl has a Bachelor’s in Computer Science from the University of Minnesota and has been in the security consulting industry for over 15 years. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit (https://github.com/NetSPI/Microburst) to house many of the PowerShell tools that he uses for testing Azure. In 2021, Karl co-authored the book “Penetration Testing Azure for Ethical Hackers” with David Okeyode. 

Guest: Patrick Sayler | Director of Social Engineering 
Patrick Sayler is a Director based out of the Portland, OR office. He is responsible for leading the Social Engineering teams, which encompass NetSPI’s phishing, vishing, and onsite services. Patrick joined NetSPI in 2016 and has over 14 years of experience in the information security industry, with more than 12 years dedicated to penetration testing. During this time, he has had the opportunity to perform security assessments for clients across a wide range of industries, including aerospace, financial services, manufacturing, healthcare, retail, and biotechnology. Patrick has presented his research and social engineering techniques at Wild West Hackin’ Fest, BSides Portland, and RedTreat. He took a detour to THOTCON to discuss attacking arcade games. 

Empower your strategic decisions with these additional resources: 

Find more episodes on YouTube or wherever you listen to podcasts.