Episode Overview
Podcast: CyberWire Daily
Host: N2K Networks
Guest: Marina Ciavatta, Social Engineer, CEO of Hackerty Inc.
Date: August 31, 2025
Episode Title: Marina Ciavatta: Going after the human error. [Social engineer] [Career Notes]
This episode spotlights Marina Ciavatta, a renowned Brazilian social engineer and CEO of Hackerty Inc., as she recounts her unconventional journey from aspiring writer and journalist to cybersecurity and social engineering. Marina provides candid insights into the pivotal role of human error in organizational security and the nuances of physical penetration testing. The conversation offers both personal anecdotes and practical advice for those interested in social engineering as a career.
Key Discussion Points & Insights
1. Early Aspirations and Background
- Childhood Dreams:
- Wanted to be “so many things,” notably an astronaut and a writer.
- Developed a lifelong fascination with technology and storytelling.
- On Writing and Communication:
- Maintained a passion for writing and storytelling from a young age.
- Was encouraged by a teacher to pursue communication due to her skill.
- Disillusionment with Journalism:
- Grew up “punk, anarchist and revolted,” and became critical of journalism due to corruption in Brazil and the media’s complicity ([03:40]).
- Sought to enter journalism to change it from within, despite little interest in traditional journalism careers.
2. Path Into Technology and Security
- Professional Pivot:
- Turned to technology-related content creation by writing critiques for a geek website ([08:00]).
- Landed a job as a technology content producer for an IT company, discovering cybersecurity and hacking as distinct specialties.
- “The people from the company were very surprised with my ease to write about security and hacking. And I got the job.” ([09:45])
- Falling in Love with Hacking and Social Engineering:
- Immersed herself in the hacking community and events throughout Brazil.
- “You have to learn the stories to be able to tell the stories.” ([10:20])
- Organized over 250 infosec events, which she describes as “hacking for people like me” — those with humanities, not purely technical, backgrounds.
- Social engineering was appealing because it focuses on culture and behavior rather than just technical knowledge.
3. Becoming a Social Engineer
- First Penetration Test:
- Transitioned into social engineering through a colleague’s invitation to assist with a physical penetration (pen) test ([12:30]).
- “Break and enter and steal stuff and I'm not going to go to jail. Yes, let's do it.” ([13:05])
- What the Job Entails:
- Her role is to test all layers of security in organizations, with a special emphasis on human factors.
- “I'm going after the human error to take advantage of someone who left a door open or that will believe me and try to help me... I'm gonna test how they respond to my mischievous acts.” ([14:00])
4. The Art and Challenge of Social Engineering
- Human Behavior is Key:
- Explains that her work is about identifying and exploiting lapses in human judgment—like gaining access through someone’s kindness or distraction.
- “If you're waiting for me at a door for checking my credentials, I'm just jumping through the back. I'm not there to pin to the door with your permission.” ([15:20])
- Advice for Aspiring Pen Testers:
- Recommends networking—“Try to find people who will help you. It is very hard to do this by yourself. You gotta go to the events, you gotta know people, you gotta start asking around because this is a huge field and it changes so fast.” ([15:50])
- Encourages young women: “Try to find other social engineers to mingle. It's in the name. We are social creatures. We won’t push you away. Quite the contrary.” ([16:15])
5. The Importance of Self-Control and Ethics
- Power and Responsibility:
- Emphasizes the need for self-control in social engineering.
- “A lot of people ask me about self-control and I gotta say, it is really hard if you don't have very good self-control. You may get unhinged, and that's very dangerous because you realize how powerful you can become.” ([16:40])
- Stresses the necessity of sticking to ethical boundaries: “You really have to stay to your script. Stay very truthful to why you're doing that.” ([17:00])
Notable Quotes & Memorable Moments
- On the Misconceptions About Social Engineering:
- “Most people think I'm 007, you know, like just like Mission Impossible, I'm coming from the ceiling with a rope and stealing stuff in the dead of the night. But it's not.” ([01:33])
- Finding Fulfillment:
- “That's when I noticed, okay, I have to work with something, because I guess that's what makes me happy.” ([08:30])
- Humanities Background as an Asset:
- “I was interested in the culture and the behavior, the way people express themselves. And social engineering just spoke very loudly to me.” ([11:55])
- On the Power and Danger of Social Engineering:
- “You may get unhinged, and that's very dangerous because you realize how powerful you can become.” ([16:45])
Timestamps for Key Segments
| Timestamp | Segment |
|---------------|--------------------------------------------------------|
| 01:33 | Marina introduces herself and the misconceptions about social engineering |
| 03:40 – 05:20 | Growing up in Brazil; disillusionment with journalism |
| 08:00 – 09:45 | From writing geek critiques to entering IT and security |
| 10:20 – 11:55 | Falling in love with hacking culture & event organizing |
| 12:30 – 13:05 | First physical penetration test |
| 14:00 – 15:20 | Testing human error and describing her social engineer role |
| 15:50 – 16:15 | Advice to future social engineers, especially women |
| 16:40 – 17:00 | The importance and challenge of self-control |
Tone & Language
Marina is candid, humorous, and authentic throughout, using vivid storytelling and analogies to demystify social engineering. Her advice is practical, inclusive, and supportive, especially towards young women considering security careers.
Summary Takeaway
This episode delivers a compelling look into the personal journey and mindset required for a career in social engineering. Marina Ciavatta spotlights the significance of human error within cybersecurity, underscores the indispensability of networking, and shares vital reminders on ethics and responsibility. Her story is both a blueprint and an inspiration for those interested in blending storytelling, curiosity, and technology in their professional lives.