If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology.

Bruce Schneier, Secrets & Lies

Ok. So, if you are reading this book, you likely already know why you need it. The world is in desperate need of better equipped security awareness leaders. The headlines and statistics make it clear that security technologies—no matter how good they become—will never be 100 percent effective. Cybercriminals will find gaps and points of ineffectiveness in the technologies and exploit them. It's the age-old arms race.

In that age-old arms race, regardless of if we are talking about computer security or physical security, cunning criminals have realized that they can effectively and reliably bypass an enemy's defensive systems by exploiting vulnerable humans. The main tactic here falls under the simple heading of social engineering: the process of getting someone to believe something, reveal something, or do something that works to further an attacker's goals.

Security professionals are in a quandary. Many of them feel that they could build secure systems if only those pesky end users wouldn't ruin everything. Security teams develop robust policies that clearly define appropriate behavior, but the users don't follow the policies; in fact, they go around the policies.

But there is hope. Our job as security leaders is to deal with these issues head on, and that's where this book comes in. Welcome ...