All in all, ‘Unmasking the Social Engineer’ seems too much like the addendum that could have been added in a reprint of ‘Social Engineering: The Art of Human Hacking’. That way, at least, it’d have been worth the cost, as it is as expensive as its older brother, but not quite as valuable. Was it worth it to me personally? Yes. But, I’m a collector, an S.E. enthusiast, and have ample room in my budget.
To anyone who is interested in social engineering as an art or science – passing or otherwise? Not really. Does it fulfill its role as a protective tool against non-verbal communication? Again, not really. There’s just too much of an awkward balance between in-depth explanation and practical advice. It doesn’t feel specific and structured enough to be a blueprint, and not inclusive enough to be a handbook.
And, it’s not practical and demonstrative enough to be either of those. So, I’m left stranded as to who to recommend this to – because honestly, I’d much prefer to recommend Ekman’s work and explain its application in a much more condensed format.
This long list of sometimes seemingly insignificant complaints might give you the impression that I believe ‘Unmasking the Social Engineer’ is a bad book. It’s not.
It’s characteristically fun to read and well-written, well-researched and competently edited – I really do mean that. Hadnagy, Ekman and Kelly are all absolutely brilliant – geniuses in their respective professions. The former two have been my idols and examples for many years, and that isn’t without reason.
However, this amalgamation of awesome names and backgrounds does not hide the fact that ‘Unmasking the Social Engineer’ doesn’t really fit in anywhere, nor does it excuse its faults. It is clear what it set out to do, and it’s also clear what it became instead. Maybe it would fit as a quasi-handbook mostly read in preparation of Hadnagy’s consultation and auditing services, where he can demonstrate its application and answer questions and expand more thoroughly on raised topics in person. Otherwise, and to anyone with any time on their hands, there are plenty of better alternatives.
It is serviceable, but it does not stand well on its own – it simply doesn’t provide enough deeper understanding or contextualization to match Ekman’s books plus an evaluatory article or two and a list of exercises. Those will inevitably accomplish far more, and provide both beginning and advanced social engineers with a more complete, if not a more well-rounded experience.
And to be blunt, if he were to paraphrase and condense this book’s contents into a couple of rules to follow and a couple of exercises to practice, (e.g. ‘Always ask for ID and external authorization – no exceptions’), with a short seminar explaining the more fundamental ‘how’s’ and ‘why’s’, I think he’d end up providing the client companies’ personnel with both more practical and intuitive ways to defend themselves against Social Engineering attacks.
One good thing I will share is that it did provide a nice basis and motivation for comfortably reassessing the ways in which I’ve been putting Social Engineering into practice, and imagining possible new applications of the things listed in the book – an elaborate sequence of thought experiments, if you will. However, that occurs naturally with any piece of information, not just this book, so take from that what you will.
Overall, I ended up finishing this book with the strong impression it was not worth my time, if only because I didn’t need this book in the same way that I needed ‘Social Engineering: The Art of Human Hacking’ – it’s just not definitive, exhaustive and expansive enough. It doesn’t encapsulate enough for me to forget the fact that I already know what’s in here in vastly more detail.
Maybe I’m just not his audience anymore – but if so, neither is the rest of the /r/socialengineering community.
Still, I don’t regret buying this book. Why? Well, because there is no person out there responsible for the defining, refining and promoting of an entire discipline of applied psychology quite like Christopher Hadnagy is. He is a legend, a champion, and a sage of Social Engineering – and he deserves all due recognition and credit for it. Ultimately, though, my personal celebration and veneration of his person is not sufficient reason for you to spend money on this one book I am certain you won’t need.
With love,
– Joven