Incorporating Social Engineering in Cybersecurity Education
Social engineering (SE) is a technique employed by cybercriminals that uses psychological manipulation to obtain sensitive information and gain unauthorized access to restricted areas or systems. Nearly 70% of US organizations experienced SE in 2017, resulting in a $2.76 million loss in operational downtime and revenues. The human factor is often regarded as the weakest link in cyberattacks, making SE a major concern for cybersecurity. Despite the significant threat posed by SE attacks, education, training, and general awareness of SE as a tool for cybercrime are low. This session examines one educator’s efforts to incorporate SE into cybersecurity education by offering hands-on SE course projects, hosting a national collegiate SE cybersecurity competition, and providing educator workshops. This session will also address: (i) training students in the area of ethics, (ii) designing SE projects from the ground up with thorough instructions and rubrics, (iii) ensuring ethics compliance and risk management, (iv) developing partnerships with industry, government, and nonprofits, and (v) engaging the community to ensure equal accessibility to cybersecurity education, broadening participation from diverse domains. Enlarging and diversifying the pool of students learning (and teachers educating on) SE will cast a wider net to recruit the most talented students and foster their creative potential as they enter the cybersecurity workforce.