The key to social engineering is influencing a person to do something that allows the hacker to gain access to information or your network.

Companies spend millions of dollars on firewalls and secure access devices, and it's money wasted because none of these measures address the weakest link in the security chain: the people who use, administer and operate computer systems

But a lot of businesses out there don't see the return on investment, they look at it as a liability, and until they can understand that proactive security actually returns, gives them a return on investment, it's still a hard sell for people.

I can go into LinkedIn and search for network engineers and come up with a list of great spear-phishing targets because they usually have administrator rights over the network. Then I go onto Twitter or Facebook and trick them into doing something, and I have privileged access.

No way, no how did I break into NORAD. That's a complete myth. And I never attempted to access anything considered to be classified government systems.

I made stupid decisions as a kid, or as a young adult, but I'm trying to be now, I'm trying to take this lemon and make lemonade.

My actions constituted pure hacking that resulted in relatively trivial expenses for the companies involved, despite the government's false claims.