Social engineering and human defences

Social engineering succeeds not because people are careless but because the techniques are designed to exploit the conditions under which people operate: time pressure, authority cues, familiarity with certain visual patterns, trust in infrastructure they cannot inspect. Defending against it requires understanding how those conditions work, not just drilling recognition of last year’s examples.

The pages in this section apply the foundations to social engineering defence: why most security awareness programmes produce the wrong kind of learning, what a programme built on current attacker techniques looks like in practice, and how the Satir arc runs through the transition from compliance-theatre simulation to continuous, systems-level testing.
