Chapter One

I have worked for some extremely vulnerable companies. The most being The Fresh Market. The growth that they were experiencing at the time was almost paralyzing. They were putting technologies in place to try to help with efficiencies, but they were not tested well enough in our environment to keep them safe. Some savvy employees learned to "break in" if you will. I will give you an example if you promise not to tell. Promise? Okay. I was an energetic and eager young recruit that wanted desperately to get ahead and be promoted to the store manager level. I was currently working for a DM that had not heard how cool feedback was. We were in the dark with how well we were or were not doing. On a trip to Tallahassee, he had left his e-mail up on our computer. In his sent box was a spread sheet ranking all of the assistant managers including their strengths and weaknesses. I looked at mine and my greatest competition. I worked hard on my weaknesses and was still passed up the first time the promotion was available, but got it the second time. I know we would all love to say that we wouldn't do that if they were in my position, but I'm not sure how many would turn down that opportunity. This story is a little off the mark of chapter one because I wasn't trying to break into a firm for malicious reasons, but rather I had justified my actions based on the poor management of my supervisor. Isn't that how most internal security is rationalized?
So many companies take for granted the level of security that they are currently at. It is a cost the they are not willing to pay for. As we read in chapter one, securities weakest link is is the 'social engineer.' In my personal example I felt that I was a positive 'social engineer.' The more I understood my strengths and weaknesses the more valuable I could be to the firm. Other 'social engineers' have more malicious intentions. I feel that the cost of such attacks by the bad 'social engineers' will clearly outweigh the original cost of making your firm more secure.