Human Hacking Conference – Year BETA

2020 was the kickoff of our first annual Human Hacking Conference (HHC), and unless you’ve been living under a rock (or you don’t follow us on social media), you’ve heard us discussing our flagship event ever since. We were excited to be hosting our second annual event, The Human Hacking Conference — Year Beta!

With an amazing lineup of trainers, we knew that we were going to be presenting something that had never been done before. But the road to Human Hacking Conference – Year Beta was not a smooth one. Just a few short weeks after HHC 2020, the world found itself amid a global pandemic. The uncertainty that this caused left a lot in the lurch when it came to planning a conference. Would we be able to pull off a 100% virtual conference? Would our attendees love it as much as they did HHC 2020?

First Things First – What is the Human Hacking Conference?

Chris Hadnagy, CEO of Social-Engineer, LLC, designed and created the HHC. Running the SEVillage at various security conferences inspired Chris to create a unique conference that explored human behavior in its various forms. After reaching out to experts in deception, body language, intelligence research, and nonverbal communication, he created a lineup of unique trainers. These trainers meant that the HHC appealed to a variety of people for various reasons. The skills and insights that our 2020 attendees gained benefited them in countless ways. The positive feedback about the event was overwhelming, motivating us to bring an even more exciting event to 2021.

So, for those of you experiencing FOMO from not attending and to those of you who would just like to relive it again…don’t worry, we got you! Let’s recap the Human Hacking Conference – Year BETA.

Thursday – Opening Ceremonies, accents, and more!

Our first day of HHC 2021 started super early for some of our attendees. Every morning we had our own Breakfast Club of early risers who wanted to kick things off before everyone else. Using our virtual platform, several of our attendees showed up at 8am (coffee in hand) to talk about their lives, their interests, and what they looked forward to from the conference.

For the rest of the attendees, the day started with Opening Ceremonies, presented by Chris Hadnagy. Chris started the conference by discussing what everyone had to look forward to over the next 3 days and reminded everyone of the core value of the HHC, “leave them feeling better for having met you.”

From there, our attendees left to jump into their workshops’ respective virtual spaces. We split the conference into tracks, with workshops held by experts in their respective fields. Let’s break down Thursday’s tracks.

Track 1 – Nonverbals

Applied Behavior Research’s CEO, Chase Hughes, kicked off the Nonverbal Track. Chase is not only a leading expert in behavior profiling, influence and interrogation, but is the author of The Ellipsis Manual. Chase’s training, Human Tradecraft™,  helped attendees learn about human behavior, why it matters and what to look for. They were able to walk away with details on what their own personality traits are and how those traits could be prohibiting their ability to influence.

“Head over heart, heart over pelvis, never move faster than when under water.” —Chase Hughes

Track 2: SE Pentest Track

The 3-day Social Engineering Risk Assessment (SERA) course took attendees through the process of conducting three of the main aspects of a SERA for prospective clients. Each day focused on a different area—OSINT, vishing, and phishing. Day 1 kicked off the SERA course with OSINT, taught by the Chief Operating Officer and OSINT trainer for Social-Engineer, LLC, Ryan MacDougall.

On day 1, the SERA students found out that they were being assigned a real target that they would use over the next three days. On their first day, they learned what OSINT is and how it can be used. They also learned how they would use the information they gathered throughout the rest of the course.

“Sometimes, when going down a rabbit hole for some time, you gotta realize you’re not doing OSINT anymore, you’re just browsing”. —Ryan MacDougall (paraphrased for clarity)

Track 3: Physical & Psychological Influence

Ian Rowland returned for a second year as a trainer at HHC. Famously known a “The Mind Man” (and a personal sonnet producer), Ian helps companies and people become more successful by teaching transformative mind skills. These skills allow his students to deliver practical benefits in their lives and businesses. Ian’s workshop, How to Make Minds Go Wrong, taught the attendees how to use their minds as immensely powerful, pattern-seeking, problem-solving machines. The techniques they learned helped them learn how to shape, influence, and modify another person’s perception and understanding.

“Every statement implies its negation. What isn’t stated can’t be negated”. —Ian Rowland

In the afternoon, Track 3 became home to our resident dialect coach. Joshua Bitton is one of the most sought-after acting and dialogue coaches in Los Angeles. Besides being an actor in his own right, Josh has coached some of the biggest names working today.

Josh came to HHC 2021 to teach his workshop The Mechanics of Breaking Down Dialects. This workshop  helped attendees develop characters and pretexts for engagements, especially when having a seemingly authentic accent would prove useful to the objective. By taking each word and breaking it down by sound, Josh was able to help his students achieve these accents, even though the majority of them have never spoken in those dialects before. Josh’s enthusiasm and humor made the class enjoyable for all.

“When I put on an Italian accent, I feel so much smarter.” — Josh Bitton

Friday – Living Security, Joe Navarro, and Vishing, oh my!

Our second day kicked off with Drew Rose, the CEO of Living Security, one of the sponsors for HHC! His keynote, “What if You’re Measuring Things Wrong?” delved into everything from dating apps to security culture. Drew encouraged everyone to look outside of the basics when it came to security testing— “Why is the only metric we care about is whether people click?” He also reminded everyone of the importance of always keeping our moral code: “It’s called empathy, use it. Let’s not abuse our power.”

“It’s called empathy, use it. Let’s not abuse our power.” —Drew Rose

Track 1 – Nonverbal Communication and Psycholinguistics

For over 25 years, Joe Navarro served as an FBI special agent who specialized in behavioral assessment that he used to successfully catch spies. For 2 years in a row, Joe has taught a fascinating nonverbal communication course at HHC. In fact, starting in 2021, HHC is the only place in the U.S. that you can receive a live training from Joe!

Joe is not only a #1 best-selling author, but he is also the expert in human behavior. Those attending Joe’s workshop learned how to analyze what people were saying and thinking just by studying their body language. They also learned about influence and how behavior could change from the clothes that we wear, our mannerisms, even our choices in color. Our students walked away armed with a full morning’s worth of knowledge that they could use in their lives.

“When the lips disappear – troubles are near.” —Joe Navarro

In the afternoon Track 1 became the home of Sam Qurashi, who had an hour-long session on psycholinguistics. Sam was a psychiatric resident in an addiction hospital, where he was able to help over 10,000 patients. However, after 7 years, he walked away from his career to find more effective ways to help people.

Sam’s Instagram page now has over 600,000 followers! He shares his thoughts and concepts on psychological patterns that keep people trapped in their own mental loops. Sam started studying psycholinguistics, which refers to the verbal and nonverbal communication that alters the state of self and others. Attendees were able to use this information to help them create a feeling of safety in others, to use influence behaviors, and to resolve conflict.

“By painting an image in the mind of a listener you are indirectly affecting the body.” —Sam Qurashi

Track 2 – Vishing with Curt and Shelby!

Shelby Dacko and Curt Klump are both Human Risk Analysts for Social-Engineer, LLC. With a focus on vishing and OSINT work, they were the perfect pair to teach the second day of our SERA course. Curt and Shelby focused on the psychology of vishing and how developing pretexts and flag lists were important to successful engagements. They also dove into the different aspects of what vishers fear the most – shutdowns.

“As a visher, we want them to be compromised. As a security trainer, we want to be shutdown.” —Curt Klump

Day 2 of the SERA course had our students using what they gathered in the OSINT portion on day 1. Using phone numbers that they were able to find, the students then made LIVE calls on their targets. The students made a call, armed with a list of flags that they were trying to obtain. Afterwards, specific feedback was given by the trainers, who are vishing experts. Following the feedback, the students then made a second call. Doing so enabled them to use the feedback and then critique themselves on how they felt they did.

It is important to note that these calls were not attempting to collect personally identifiable information (PII). The flags were similar to the flags obtained by contestants who compete in our SECTF competition. And while the course was not a competition, we did ask that they at least try a phone call during day 2.

“Bias is real. As vishers, we want our flags to use inherent bias to your advantage!” —Shelby Dacko

Track 3 – How to be like an FBI agent with Robin Dreeke

We all know and love Robin Dreeke, the CEO of People Formula and Behavioral Analysis Expert. After working as an FBI Special Agent and Chief of the Counterintelligence Behavioral Analysis Program, Robin pursued his passions. He has spent time studying and analyzing how to build healthy relationships by inspiring trust, especially in the professional setting.

Robin’s workshop, How to Assess People Like an FBI Behavioral Expert, discussed how behavioral analysis, framing the content, and background help build trust. He also taught the 5 steps of trust that are required for every interpersonal outcome. By using his life’s work to create this course, Robin truly helped his students gain a deeper understanding of the power of relationships.

Panel with Anne-Maartje Oud, Chris Hadnagy, and Joe Navarro

Friday also included our first panel discussion with workshop trainers Anne-Maartje Oud, Chris Hadnagy, and Joe Navarro. All were interviewed by Maxie Reynolds who kept the conversation focused on nonverbals and human hacking. With each expert weighing in on topics, our attendees were able to have their questions answered with a live Q&A segment!

Saturday – Cognitive Bias, Phishing, and being deceived by R. Paul Wilson

Saturday started with an amazing keynote from Perry Carpenter, Chief Evangelist and Strategy Officer for KnowBe4, an HHC sponsor! Perry spoke about a topic that is extremely important for not only security professionals, but for everyone. Perry reminded everyone that we all have biases, whether we know it or not. “Bias is coloring and affecting everything we do, every decision we make.” He also spoke on emotions, and how they affect everything we do—“We make decisions based on emotion, and then use logic to justify our decisions.” Perry left everyone with one of the most important reminders:

“Each generation as a whole needs to leave the world better than when we got here” —Perry Carpenter

Track 1 – Having Difficult Conversations and Trust and Credibility

Anne-Maartje Oud has been a behavioral adviser for over 20 years. As the CEO of The Behaviour Company, she helps customize personal development programs for companies worldwide. For HHC, Anne-Maartje created the course, The Art and Science of Conducting Difficult Conversations, to help attendees understand how to be more effective when having difficult conversations. Let’s face it, we all hate them and try to avoid them as much as possible. However, Anne-Maartje taught that if you prepare and create the right environment, difficult conversations are easier than you think.

“You have the best conversations when you create comfort for both parties” —Anne Maartje Oud

In the afternoon, track 1 became the home to Mark Bowden, creator of TRUTHPLANE, a communication training company. Their unique methodology helps people who must communicate with impact to an audience. Mark just happened to be in the same area as HHC 2020 and attended the conference last minute. For 2021, we brought him on board as a trainer. His course, The Body Language of Trust and Credibility for Nonverbal Influence and Persuasion, was designed specifically for HHC. Mark’s course helped his students understand that “it’s not often what you say, but how you say it that gets results.”

“Body language is not a language. It indicates a feeling and intention of the now, not the past or future.” —Mark Bowden

Track 2 – SERA Day 3 – Phishing with Maxie and Chris

To finish the third day of the SERA course, Chris Hadnagy was joined by Maxie Reynolds. Maxie is the Technical Team Leader at Social-Engineer, LLC. She is also the author of The Art of Attack – Attacker Mindset for Security Professionals, out in June 2021. Together, this dynamic duo guided the students through the last section of the course. By using what they gathered via OSINT on day 1 and using the flags they got over the phone on day 2, the students joined all of that together to learn how to craft a phish for their target company.

“Learning how to phish is easy; learning how to apply {these skills} is the hard part”. —Chris Hadnagy

Important note: NONE of the phish created were sent to any of the target companies, as this is illegal. After discussing the psychology of phishing and how to set up a phishing campaign, the students crafted 4 levels of a single phishing email. These emails were then studied by the trainers. Afterwards, live feedback was given to help the student learn what was effective and what would get flagged.

After three days of extensive work, our SERA students walked away with the knowledge of how to perform necessary aspects of a social engineering risk assessment. Congrats to all of our first ever SERA students!

“Scope is your get out of jail free card, and your “never go to jail” card.” —Maxie Reynolds

Track 3 – Being Deceived by R. Paul Wilson

Back for his second year in a row, master deceptionist, R. Paul Wilsoncame armed with his knowledge of magic, illusions, and sleight of hand. His course, Physical and Psychological Influence: Impossible Deception, explored expert deception that used pure skill and sleight of hand. By using clear examples from his unique perspective, R Paul helped draw the line between deceptive manipulation and how the same principles could be applied with the right mindset.

Students were entertained by this highly-interactive course that helped them understand human deception better. Immediately following his course, R Paul sat down for an interview with Chris Silvers. This engaging interview helped attendees get to know R Paul even better and hear fascinating stories of his life’s work.

“People who build walls think differently from those who go around, under, over, through or ignore the wall completely.” —R. Paul Wilson

A Conversation with Chase Hughes and Shane McCombs

Chase Hughes and Shane McCombs, COO of the Innocent Lives Foundation (ILF), sat down for an impromptu conversation. The conversation was about how the ILF and Chase’s work overlap. Chase and Shane discussed how they can often spot a predator through observational skills. They also discussed how trauma and memory affect each other. This fascinating interview and all keynotes and panels will be available to listen to soon!

Evening Events: Escape rooms and Speed Dating for Professionals

Fun events were held each night to help the attendees unwind after a long day of learning. First off was the exciting CyberSecurity Escape Rooms, put on by Living Security. These were not just typical escape rooms, but rooms specifically designed by Living Security to help educate users on things that potentially could be used by malicious attackers. All three nights, our attendees competed together to get through the escape rooms and to claim the top spot of the leaderboard!

Brought to the HHC by our sponsors, CG Silvers Consulting, all three nights had networking tables. What are networking tables? When you join a table, you are added to a room with up to 4 different people. For 10 minutes, you were there to chat about whatever you want After the 10 minutes were up, you are moved to another table with another set of 4 people. So, in other words, it was speed dating for professionals! Unlike speed dating, these networking tables were fun and engaging. So much so that, on the last night of HHC, we extended these tables for an additional hour due to high demand.

For those who really needed to have some fun and play some games, we also had a room running Jackbox games all three nights!

And for the final conclusion, we had an amazing show put on by mentalist and comedian Tom Kennedy! The show was not only fascinating, but also hysterical.

Thank You!

With that, HHC 2021 was over. It was an amazing three days that wouldn’t have been possible without our amazing sponsors. Thank you to KnowBe4, Living Security, CG Silvers Consulting, and Social-Engineer, LLC!

It also completely hinged on our amazing attendees. They did not simply log on each day to sit through a conference. They were involved with every part of it. In the event platform, community boards were available for attendees to enjoy discussions. This board became so much more than just a normal forum. Our attendees showed up and interacted with each other through these boards.

The topics ranged from their work in cybersecurity to their favorite tools. And from there they branched into so much more. Discussions like “favorite quotes” allowed everyone to experience courses they were unable to attend. One attendee created the board “Good News!” to let others share their positive news, to celebrate it together. Something that we all truly needed after the rough year everyone had.

The most popular board? “HHC Pets!” where attendees shared what their pets were doing during the conference. The community board became a room we hadn’t prepared on our own but was created by the attendees. Would HHC have been the same without it? No, it would not. So, thank you to each of our attendees who showed up, who interacted, and who left us feeling better for having met you.

Next Year

We know, you are waiting for the big announcement for our 2022 event. What we can tell you is we are absolutely having a 2022 event; however we are still deciding on dates and locations. While we hope the world will return to a new normal soon, we are waiting for more information on which direction we should go. Not good enough for you? No worries, you can still register for the event now and you’ll be updated on the official details when they are decided!

Until Next Year…

So, was 2021 as successful as 2020? We’ll let our attendees answer that question.

“After last year I really wasn’t sure how Hadnagy was gonna top his first HHC. And yet, here I am, witnessing it.” —Richard Davy

This was not just due to one or two people, but to everyone who worked at and attended the conference. Our behind-the-scenes team worked tirelessly for weeks on end prepping and preparing for the conference. Huge shout out to our Director of Events, Lauren Robinson and her assistant, Tracey McLaughlin for the days and nights they spent preparing every detail. Also, to our amazing team who worked for three long days running the rooms and problem solving through unexpected issues.

So, until next year, stay safe!