Certified Social Engineer™ (C|SE™)

Welcome to our flagship certification program offering intensive hands-on social engineering training unrivaled in the industry. Our social engineering course focuses on the two primary risks organizations face, phishing and phone attacks.

Our goal is two-fold. One, to teach you the skills hackers use so that you can build better information security training programs for your organizations. Our foundational belief is that an effective information security training program can only be built by an individual who understands how social engineering attacks are performed in the first place. Two, after completing this course, you will have the foundational skills needed to begin performing or enhancing your own social engineering engagements.

The course is a non-technical course that is 2 days in length and qualifies for 16 Continuing Professional Education (CPE) credits (certificate available upon successful completion of the course). Note: Course activities will continue into the evening of the first day. Some areas we will cover include, but are not limited to, the following:

  • Developing Rapport
  • Eliciting Information
  • Gaining and Using Influence
  • Psychological Foundations of Social Engineering
  • Developing a Pretext
  • Spear Phishing
  • Phishing with Spoofed Emails
  • Analyzing SPF, DKIM and DMARC
  • Conducting Phone Attacks
  • Open Source Intelligence (OSINT)
  • Non-Technical Information Gathering
  • Physical Attacks (Pest Control, USB, etc.)

The Certified Social Engineer™ (C|SE™) exam is a hands-on, non-technical, practical performance-based "beyond multiple choice questions" exam where you will be required to perform an actual social engineering engagement on a non-competing organization contracted through Secure Guard Consulting. Certification is based on documenting a full in-depth report of social engineering activities performed. Required social engineering elements could include, as an example, the following (this list is fluid and non-exhaustive):

  • OSINT on target organization
  • Targeted spear-phishing or spoofed-email attack
  • Mass email attack
  • Generic phone attack
  • Targeted phone attack
  • Elicitation

Note: By registering for either of these programs, you allow us to target your organization, either during the certification exam or during course work. All information will be kept confidential; all attendees will sign confidentiality agreements. If you are a student or don't have an organization that can be used, please contact us for options.

Tentative Dates and Locations (minimum 10, maximum 20 attendees per course)

  • March 9, 10 - West Des Moines, Iowa
  • April 6, 7 - Minneapolis, Minnesota
  • May 4, 5 - Iowa City, Iowa
  • May 18, 19 - Omaha, Nebraska
  • June 1, 2 - West Des Moines, Iowa
  • TBD - San Antonio, Texas
  • TBD - Orlando, Florida

Please contact us directly at certifications@sgcsecure.com or call 515-229-5674 if interested.

Certified Employee Information Security Trainer™ (C|EIST™)

NOTE: Successful completion of the Certified Social Engineer™ (C|SE™) certification is required to take this course.

How do we build a solid information security training program for employees in an organization? Do we use video training (e.g., KnowBe4)? Do we gather employees together as an organization once per year and talk to them or bring in an outside expert to discuss information security? Do we send emails periodically to employees about current events, or even reminders? How about digital signage, posters, flyers?

The Certified Employee Information Security Trainer™ (C|EIST™) certification program is designed to help answer these questions. Now that you've achieved Certified Social Engineer™ (C|SE™) status, you're ready to undertake these questions and establish a strong program. This certification program will walk through the essentials of what a strong information security training program looks like and how you can go back to your organization and implement one.

The course is 2 days in length and qualifies for 16 Continuing Professional Education (CPE) credits (certificate available upon successful completion of the course). Following a refresher on social engineering techniques and some practical exercises, some areas we will cover include, but are not limited to, the following:

  • When to use video training and how often to use it
  • How to do in-person onsite training: when, where and at what frequency
  • Poster usage
  • Digital Signage
  • Email reminders to employees
  • What to train employees on
  • How often to conduct simulated phishing campaigns
  • What types of simulated phishing campaigns to run
  • What other social engineering assessments, either internal or external, to perform
  • Organizing into functional incident response units to stop attacks more quickly
  • Techniques for delivering onsite in-person training

The Certified Employee Information Security Trainer™ (C|EIST™) exam will also be a hands-on practical "beyond multiple choice questions" exam where you will be required to perform the following (non-exhaustive list):

  • Establish an information security training roadmap with a minimum 1 year outlook.
  • Implement an action plan of how and when training will be performed.
  • Mass email attack
  • Identify any budgeting constraints.
  • Prepare onsite information security presentation.

Bundled course and practical exam costs are $2,850 (not including hotel and other travel related expenses).

Please contact us directly at certifications@sgcsecure.com or call 515-229-5674 if interested.
