Unspoken Security Ep 59: Is All Social Engineering Malicious?
Social engineering has a reputation problem. Most people hear the term and think phishing, scams, and threat actors. AJ Nash and guest Ashley Stryker push back on that framing in this episode of Unspoken Security. The conversation opens by defining social engineering on its own terms: the act of understanding how people work and using that knowledge to get them to take a specific action. The technique itself is neutral. What determines whether it crosses a line is motive and outcome.

From there, the conversation moves into the mechanics. Urgency is one of the most effective social engineering tools threat actors use because time pressure cuts off critical thinking. Stryker argues that the real defense is not training people to recognize a specific type of phish. It is training them to pause before acting on anything that creates pressure around money or security. She also makes a pointed case against security awareness programs that raise awareness without giving employees something concrete to do. Information alone does not change behavior. Action does.

The episode closes with the show's signature "unspoken" segment, where Stryker shares the full story behind why she goes by her last name. It turns out there are several reasons, including a divorce, an ex-husband with the same first name, and a deliberate operational security strategy she has used since entering the cybersecurity field.