Mike Murray has spent more than a decade helping companies large and small to protect their information by understanding their vulnerability posture from the perspective of an attacker. From his work in the late 90's as a penetration tester and vulnerability researcher to leadership positions at nCircle, Neohapsis and Liberty Mutual Insurance Group, his focus has always been on using vulnerability assessment through penetration testing and social engineering to proactively defend organizations. Mike is currently in charge of penetration testing and training at Foreground Security, where he leads engagements to help corporate and government customers understand their security organization . He is also in charge of the reknowned curriculum of The Hacker Academy, where he trains security professionals on the newest methods of computer penetration testing and social engineering to help them better protect their organizations.
Mike is a widely reknowned speaker, and his talks on a wide variety of topics have been seen at major conferences like RSA, SOURCE, InfoSecurity Canada and Defcon. He has written technical articles in publications including BusinessWeek Online and Sys Admin, as well as a regular column on EthicalHacker.net. Mike has a variety of other diverse interests: he leads Michael Murray and Associates, where he and his team work with organizations to assist them with their human systems, from their organizational design and efficiency to the career paths and development of their individuals. Mike's thoughts on security can be found on his blog at Episteme.ca, and his work on helping build careers can be found at ConnectedCareer.com.
Topic:
Pwning People - Exploiting Users Through Technology
While most penetration tests these days involve some form of user exploitation and social engineering, very little research focus is placed on the SE part of user exploitation. Noted social engineer Mike Murray will present on principles and methods that will help the audience to increase the success rate of exploiting users through webpages, email and social networking on their penetration tests, and give some real-world examples of what works and what doesn't when exploiting users through their technology.