Career Notes 1.16.22
Ep 83 | 1.16.22

Marina Ciavatta: Going after the human error. [Social engineer]


Marina Ciavatta: I'm Marina Ciavatta. I'm from Brazil and I'm a social engineer and CEO of Hekate, Inc. 

Marina Ciavatta: Most people think I'm 007. You know, like just like Mission Impossible I'm coming from the ceiling with a rope and stealing stuff in the dead of the night, but it's not. 

Marina Ciavatta: I wanted to be so many things. Astronaut, you know, the good old, I want to be an astronaut when you're a little kid. I wanted to be a writer for a very long time and because of that, I kind of steered my way into journalism. My first degree, so very far away from where I am today, I didn't even go in to get my diploma. I still don't have the diploma. I'm finished. I'm graduated and all, but I just never used it ever.

Marina Ciavatta: Growing up I was, you know, a little nerd, um, still a big nerd actually now. Because of that, gadgets, video games, computer, they have always been near me. Sci-fi is very big when you're a nerd. Being a little geek, technology is part of your day to day. And you always wanted to, you know, tear things apart, get to know how they work. At least I was like that. The whole wanting to be an astronaut when I was a kid turned into a passion for astrophysics and because of that, I've always been quite close to technology.

Marina Ciavatta: I always liked storytelling. I've told you, for a very long time as a kid I wanted to be a writer. I actually wrote a book at six years old. So I carry that dream of communication and storytelling through school and one of the teachers, she was like, if you don't do anything related to communication, you're just going to waste your life because you're very good at it. But I was also a very punk and anarchist and revolted little teenager. I had a very deep hate against journalism because back in my country, corruption is very big. It's a poor country and a great part of that is how media handles the politics around the country and I could see that very clearly and that would really make me very mad. So I was like, okay, if I have to go to communications, not to waste my life, I plan on going, uh, to journalism. That way I can change the way things are from inside out. I can graduate into journalism and I can go into communication and try to make things a little bit better for us on the other side of this chain.

Marina Ciavatta: I really disliked journalism as a career, everything, every path that was presented that you could be a journalist, a sports journalist or a fashion journalist. Just a news reporter or all of those options, even radio, which I really liked, they just didn't seem like good career paths for me. I always wanted to work behind a computer mostly because even though I was in communication, I was always quite weird and socially dislocated. I would always have like social anxiety going to places and all of that. So I didn't want to work close to people, but writing was quite a passion. So, I thought maybe I can be an editor or something. At that point I've given up the writer dream because I already knew that writers would starve and make no money. So going through college, I had a really rough time on figuring out what I wanted to do.

Marina Ciavatta: I started working in this little geek website where I started building critiques on video games and web series that I liked. It paid pretty much nothing, but I would have lots of fun with it. That's when I noticed, okay, I have to work with something 'cause I guess that's what makes me happy. I saw this job posting from an information and technology company in need of a content producer. And I was like, oh, okay. I maybe can write about technology. And at that point I had no idea that security, InfoSec and hacking were a completely different part of technology. The people from the company were very surprised with my ease to write about security and hacking and I got the job. It's where I had my first contact with hacking and security and I started just falling in love completely with the subject. You have to learn the stories to be able to tell the stories. So you have to really dive yourself into the culture and what people were like. I just started to get intoxicated with hacking.

Marina Ciavatta: Social engineering, my first contact with it was I started to organize a bunch of hacking and InfoSec events around the entire country. I have organized more than 250 events and I was like, oh, kind of like hacking for people like me because I was not technical at all. I had a humanities background and I never dove into the technical field. I was interested in the culture and the behavior and the way people would express themselves. Social engineering just spoke very loudly to me at the time, but I didn't become a social engineer. A few years later, a friend of mine was dealing with this client and the client asked for a physical pentest. He came to me and he was like, Hey, you're very good with people. Do you wanna come and help me with this assignment? Do you want to like actually go and do it? Oh, sure. Of course break and enter and steal stuff? And I'm not going to go to jail? Yes, let's do it. And that's how I got my first physical pentesting assignment.

Marina Ciavatta: My job is to test all of the security layers, especially the human ones at a company and make sure they are indeed prepared and paying attention to security as they should, because if they're not, I am going to find their flaws. Not only that, but I'm probably going to make them make mistakes. I'm going after the human error to take advantage of someone who left a door open, or that will believe me and try to help me and put me inside a room that I shouldn't be, or they will turn away when I steal something and they won't say anything. I'm going to test how they respond to my mischievous acts. I'm a physical pentester. If you're waiting for me at a door for checking my credentials, I'm just jumping through the back. I'm not there to enter the door with your permission.

Marina Ciavatta: Try to find people who will help you. It is very hard to do this by yourself. Go to the events. You gotta know people, you gotta start asking around because this is a huge field and it changes so fast. For young girls out there, that want to be a physical pentester, try to find other social engineers to mingle. It's in the name. We are social creatures. We won't push you away. Quite the contrary.  

Marina Ciavatta: A lot of people ask me about self-control and I got to say it is really hard if you don't have very good self-control. You may get unhinged and that's very dangerous because you realize how powerful you can become. You really have to stay to your script, stay very truthful to why you're doing that.