I did get a huge endorphin rush when I was able to crack a system because it was like a video game.

The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully.

I get hired by companies to hack into their systems and break into their physical facilities to find security holes. Our success rate is 100%; we've always found a hole.

Back in my day, I would probe by hand. Now you can get commercial software that does the job for you.

Social engineers veil themselves in a cloak of believability.

You can never protect yourself 100%. What you do is protect your self as much as possible and mitigate risk to an acceptable degree. You can never remove all risk.

Social engineering bypasses all technologies, including firewalls.