Q&A: Rachel Tobac

Rachel Tobac is a passionate social engineering expert who uses her knowledge of behaviorism to train people in information security. A self-confessed ‘non-techie,’ Rachel originally studied neuroscience and behaviorism in college and went on to become a special needs educator, before moving into the security field after discovering an interest in social engineering. Rachel has since won DEF CON’s Social Engineering Capture the Flag contest three times, and shared her real-life social engineering stories with various media publications. In her spare time, she works as the chair of the board for the nonprofit Women in Security and Privacy.

How did you get into the information security industry? 
I got my start in infosec hacking live in a glass booth in front of an audience in the Social Engineering Capture the Flag competition at DEF CON. My first ever phone attack was live in front of 500 people! I ended up a winner of that competition three years in a row and years later I now have my own social engineering training and penetration testing company called SocialProof Security!

What’s the most interesting thing about data security? 
I love learning small techniques that can be used to convince someone to divulge sensitive information. One technique I use is giving a knowingly false piece of information to encourage the target to correct me with the accurate sensitive information. I’m also extremely interested in phone authentication protocols and helping companies with phone support understand the best methods to avoid attackers like me gaining access to sensitive data.

What’s your favorite thing about your job? 
I truly love helping organizations update their security mindset with hands-on training and helping them update their systems and protocols. It’s so fun to get to watch the security mindset shift happen in real time.

What would be your dream job if you did not work in infosec?
I didn’t always work in infosec, and my degree and studies were in neuroscience and behavior in a rat lab originally! I would likely be a neuroscientist long term if I did not work in information security.

Quick-fire Q&A 
What’s your favorite book?
I love any memoir that is written by a comedian (specific, I know!)

What did you want to be when you were growing up?
I wanted to be a TV anchor back in the day.

What’s your guilty pleasure?
Time travel movies and shows, though I’m not guilty about it. My favorite show is Dark on Netflix right now.

BIO @racheltobac

Rachel is CEO of SocialProof Security, where she helps people and companies keep their data safe by pentesting and training them on social engineering risks. 
