Social Engineering Security Trainer & Consultant
Keynote, Moderation, Panel, Training
Christina Lekati is a psychologist with a long history in cyber security. She is an expert in the human element of cyber-attacks, in social engineering, and in open-source intelligence.
Christina Lekati has trained and educated thousands of people around the globe on current security issues, social engineering and intelligence collection & analysis.
Christina Lekati specializes in people profiling through social media and combines this with her knowledge of the modus operandi of attackers. She helps clients and audiences identify their vulnerabilities and protect themselves against cyber threats.
With her skills in open-source intelligence, she also conducts high-value target & corporate vulnerability assessments. She is working with Cyber Risk GmbH as a social engineering expert consultant and trainer.
Christina is frequently invited as a speaker or keynote speaker at cyber-security events around the globe. Her presentations combine the art of storytelling with science, research, and her own professional experience.
She is also an Executive Board Member at the OSINT Curious project, contributing regularly to the international scene of Open-Source Intelligence (OSINT).
"I combine the art of storytelling with science, research, and my own professional experience."
What makes me stand out?
I make it my personal mission to deliver presentations that audiences enjoy, find interesting, and learn from.
My audiences are most often well entertained and develop an interest in the topics I present. They gain practical knowledge & skills that they can apply in their working environments. They learn about current news, threats and updates from our field of cybersecurity, they are better able to inform their cybersecurity plan and strategy, and more.
1. Information Security Is Up Against Weaponized Psychology
Social engineering has become one of the most effective and efficient attack methods used to initiate and enable cyber attacks. We read in the news about large-scale security violations, where investigators are not able to understand the phase of initiation. Most often, a social engineering attack is involved. By design, this is the type of attack that moves in the shadows, delivered by criminals and state-sponsored agents that are able to blend into multiple environments and often leave no trace, making it very difficult to identify the point of initial compromise. Similar to warfare operations, these threat actors strive to create an asymmetrical advantage based on a carefully planned strategy.
Cybersecurity today is not only a technical challenge.
It is also a behavioural challenge. As long as executives, managers and employees can provide access to critical assets, systems, and data, attackers will be targeting them through social engineering schemes in order to acquire this access. Those who have access to technology and organizational assets have also become responsible for protecting those assets. Do you or your colleagues make the perfect target?
Weaponized psychology has started becoming a tool employed to infiltrate organizations in the public and private sectors, steal sensitive information, recruit insiders, and help attackers breach organizational security.
This talk provides insights into the mechanisms and the methodology of today’s elaborate social engineering attacks and explains the growing threat of weaponized psychology. It will also discuss how attackers elicit information that assists them in initiating or delivering an attack. The talk will include case studies and lessons learned on the use of weaponized psychology from the fields of business and human intelligence operations (HUMINT) in social engineering and in recruiting insider threats, as well as what makes some targets more attractive than others.
2. How Attackers Profile & Target Key People Through Social Media
While to the rest of the world social media are friendly platforms of communication and sharing, for cyber attackers & malicious social engineers, they are targeting and information harvesting platforms. Even though social media do not always demonstrate our true personalities, they do demonstrate the way we want to be viewed and treated by others. This can be a lot more useful for attackers and social engineers who tailor their approach to their targets and lure them in through their victims’ personal wants and needs. In our social media profiles, we "leak" behavioral tendencies and characteristics that provide significant intelligence for any type of operation targeting humans.
The talk covers the topic of information gathering through social media intelligence (SOCMINT), and explains how even seemingly innocent information can be used to manipulate or influence targets. Case studies will be provided.
It also discusses the art & science of profiling, along with its limitations for social engineering. A two-part demonstration is included on how a profiler’s mind works when harvesting information on social media:
The first part includes real examples of posts that expose vulnerabilities, attract attackers and ultimately can be exploited and lead to a security breach.
The second part dives deeper and demonstrates how the information found on a social media profile (from the pictures to the words used by an individual in their captions) is gathered, categorized into a profiling matrix and then analyzed, bringing a personality profile to the surface. The target's profile can then provide actionable intelligence that increases the success of attacks, or attack simulations.
Real life case examples will be provided.
3. The Behavioral Science Influencing Your Cybersecurity Culture
What does it take for a cybersecurity professional to be heard in their organization and to spread their message about the importance of cybersecurity to both the leadership and the other employees? And if that wasn’t already hard enough, what does it take to lead behavior change and build a cybersecurity culture? It has become clear that technical cybersecurity measures need to operate in harmony with people and to be applied by them. Today’s employees need to practice good cybersecurity habits to protect the assets they handle and their organization.
However, convenience, productivity requirements, and other organizational realities often compete in people’s heads, leading them to conclude that cybersecurity is simply an “inconvenience” that they soon decide to ignore. On the other hand, security professionals, who were originally focused on securing technology alone, are now tasked with a vastly different requirement: to lead behavioral change within their organization.
This topic discusses the psychological elements & behavioral science involved in shifting users’ perspectives towards cybersecurity and driving behavior change. It discusses what drives motivation, people’s perception of risk & reward, the psychology of willful compliance, and more.
Ultimately, this topic helps security managers & executives to more effectively communicate & implement the necessary cybersecurity requirements that employees need to practice within their organization.
Keynote Presentation For SecIT by Heise (2021, studio live streaming) – Hannover, Germany
Title: “The Behavioral Science Influencing Your Cybersecurity Culture”
PwC Cybersecurity & Privacy Days – “Information Security Is Up Against Weaponized Psychology”
DEF CON Social Engineering Village – “Judging By The Cover” (virtual)
Elbsides – “When Your Biggest Threat Is On Your Payroll: Drivers & Enablers Of Insider Threats”
cyber security, digital transformation, cybersecurity company culture, executive cybersecurity awareness, social engineering, open-source intelligence, data protection, cyber psychology, cybercrime, cyber threat landscape
Interview for the TAZ Newspaper (in German): “Everyone has a weak spot. Fraudsters build trust in order to get at data or money. Security trainer Christina Lekati explains which tricks they use to do so.”
Interview for Golem.de (in German): “Social Engineering: The Underestimated Danger”
Article for Informatik Aktuell (in German): “Social Engineering Attacks and the Psychology Behind Them”
Interview for the Dot Magazine: “Creating a “Human Firewall” for IT Security. Psychologist and social engineer Christina Lekati from Cyber Risk GmbH explains the psychological basis of phishing and how to arm staff with effective defenses.”
Interview for the ECO Association - Europe’s Largest Internet Association (in German): “Social Engineering: Making Employees More Aware of IT Security.”