We have problems with our physical security, operational security through to management.
There is no patch for stupidity.
I saw myself as an electronic joy rider.
I was pretty much the government's poster boy for what I had done.
I can go into LinkedIn and search for network engineers and come up with a list of great spear-phishing targets because they usually have administrator rights over the network. Then I go onto Twitter or Facebook and trick them into doing something, and I have privileged access.
Social engineering is using manipulation, influence and deception to get a person, a trusted insider within an organization, to comply with a request, and the request is usually to release information or to perform some sort of action item that benefits that attacker.