Jenny Radcliffe – aka ‘The People Hacker’ – is a force to be reckoned with. She can diffuse a crisis situation, talk her way into a secure building and spot a psychopath at a hundred paces. She has been called a mind reader, a ‘human lie detector’ and likened to a Jedi Knight. In reality, she’s an expert in social engineering, using her skills to help clients protect themselves from malicious social engineering attacks
What was your route into social engineering and pen testing?
I’d always been interested in wandering around places and looking at what happens in buildings after-hours, behind the scenes or once they became empty. I started to look around such places as a child, as many of us do, and I never really stopped. By the time I was getting paid to test security systems in what we now refer to as penetration tests or social engineering, I’d already spent most of my life doing it!
Who do you admire most in the industry?
I admire people who have done the work and have the experience in the industry so that when they stand up to talk to people they really are an authority on what they say. I admire those who quietly help people in different ways without using it as a vehicle for their own ego and profit, and also those who are only just starting out but are willing to put in the work in order to get really good at what they do. They’ll be protecting us all in the future.
What’s the most interesting thing about social engineering threats?
That nothing changes! Scams and cons evolve and technology has enabled social engineering to be much quicker, broader and more dangerous than before, but ultimately people are still fooled by the same few psychological tools they always were. Understand the tools and you are less likely to be conned by a social engineer: it’s simple to say but incredibly difficult to remember for a target, especially in the midst of the con.
Tell our readers an interesting fact about yourself.
My first pet was a dog called Gripper, which was a joke because he was so fluffy. My mother’s maiden name was Dublin, so we were known as the ‘Irish family’, but we aren’t even Irish and I have no idea where the name originated from!
If you could change one thing about the infosec industry, what would it be?
Plagiarism, snake oil merchants and false prophets plague an otherwise incredible industry. If I could change only one aspect of infosec it would be to get rid of those things. Truth and integrity are integral to security and it matters here more than most industries; that we all have the highest standards, not just for the people we are trying to help but to raise our expectations of what is possible both for the industry and for ourselves.