Joe Gray

Senior Security Architect, IBM

“Phishing: It’s Not Just for Pentesters – Using Phishing to Build a Successful Awareness Program”

Social engineering attacks remain the most effective way to gain a foothold in a targeted organization. When technology holds up to the test of attack, the human element is often exploited for entry into an organization. The frequency and level of training an employee receives can thwart an attack or amplify it. An example is the Google Docs attack that occurred recently. This attack propagated to a status near that of a worm in part because people were not trained to spot the issues. This talk will discuss the dynamics of creating an effective awareness program and teach practitioners how to create and run a successful internal phishing program to measure the efficiency of the training and help keep users on their toes.


Joe Gray joined the U.S. Navy directly out of high school and served for 7 years as a Submarine Navigation Electronics Technician. Joe is currently a Senior Security Architect and maintains his own blog and podcast called Advanced Persistent Security. In his spare time, Joe enjoys attending information security conferences, contributing blogs to various outlets, training in Brazilian Jiu Jitsu (spoken taps out A LOT!), and flying his drone. Joe is the inaugural winner of the DerbyCon Social Engineering Capture the Flag (SECTF) and was awarded a DerbyCon Black Badge. Joe has contributed material for the likes of AlienVault, ITSP Magazine, CSO Online, and Dark Reading.
