v1.0 — Human Security

SEF

Social Engineering Framework

A systematic methodology for assessing organizational resilience against social engineering attacks through structured threat modeling, quantitative scoring, and evidence-based remediation.

At a glance: 20 techniques, 7 phases, 6 SESA dimensions, 8 psychological levers

Core Concept

The Gap Model

Social engineering exploits the gap between security policy and human behavior. This gap exists in every organization and represents the attack surface that adversaries target.

Knowledge Gap

The difference between what employees should know about security and what they actually know.

  • Failed phishing simulations
  • Policy violations
  • Unreported incidents

Behavior Gap

The difference between what employees know and what they actually do.

  • Password reuse
  • Tailgating acceptance
  • USB device usage

Culture Gap

The difference between stated security values and actual organizational culture.

  • Leadership bypass of controls
  • Security seen as obstacle
  • No reporting culture

Process Gap

The difference between designed security processes and actual workflows.

  • Shadow IT
  • Workarounds
  • Undocumented procedures

Methodology

Framework Phases

Seven structured phases from initial threat modeling through remediation and continuous improvement.


Assessment Tool

SESA Scoring System

Social Engineering Susceptibility Assessment (SESA) provides quantitative measurement across six key dimensions of organizational resilience.

Each dimension is scored from 0 (low) to 10 (high) and carries a weight. With every dimension at the default of 5, the SESA score is 5.0, rated Basic: significant vulnerabilities exist, and immediate focus is needed on awareness training and process formalization.

Security Awareness (weight 1.2x)

Organizational understanding of social engineering threats and recognition capabilities.

Process Maturity (weight 1x)

Formalization and enforcement of security procedures across the organization.

Security Culture (weight 1.1x)

Integration of a security mindset into organizational values and daily operations.

Technical Controls (weight 0.9x)

Technology-based defenses that reduce the social engineering attack surface.

Incident Response (weight 1x)

Capability to detect, respond to, and recover from social engineering attacks.

Organizational Resilience (weight 0.8x)

Ability to maintain operations and recover from successful social engineering attacks.

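A worked SESA calculation, added here as an illustration and not part of SEF's published tooling. It combines the six dimension scores using the weights listed above as a weighted arithmetic mean (the aggregation formula is an assumption, since the page does not state it; it does reproduce the default of 5.0 when every dimension is 5) and orders dimensions for remediation by weighted shortfall, which is also an assumed heuristic.

```python
# SESA dimension weights as listed on this page.
SESA_WEIGHTS = {
    "Security Awareness": 1.2,
    "Process Maturity": 1.0,
    "Security Culture": 1.1,
    "Technical Controls": 0.9,
    "Incident Response": 1.0,
    "Organizational Resilience": 0.8,
}


def sesa_score(scores):
    """Weighted mean of the six dimension scores (each 0-10), rounded to 0.1.

    Assumption: the page does not publish SEF's aggregation formula, so a
    weighted arithmetic mean is used here. It matches the page's default
    (every dimension at 5 gives 5.0).
    """
    missing = set(SESA_WEIGHTS) - set(scores)
    if missing:
        raise ValueError(f"missing dimensions: {sorted(missing)}")
    for name, value in scores.items():
        if name not in SESA_WEIGHTS:
            raise ValueError(f"unknown dimension: {name}")
        if not 0 <= value <= 10:
            raise ValueError(f"{name} must be 0-10, got {value}")
    total_weight = sum(SESA_WEIGHTS.values())
    weighted = sum(SESA_WEIGHTS[n] * scores[n] for n in SESA_WEIGHTS)
    return round(weighted / total_weight, 1)


def remediation_priority(scores):
    """Dimensions ordered by weighted shortfall from the maximum score.

    Assumption (not from the page): priority = weight * (10 - score), so a
    low score in a heavily weighted dimension ranks first; ties break by name.
    """
    shortfall = {n: SESA_WEIGHTS[n] * (10 - scores[n]) for n in SESA_WEIGHTS}
    return sorted(shortfall, key=lambda n: (-shortfall[n], n))


if __name__ == "__main__":
    # Constructed sample assessment, not real data.
    sample = {
        "Security Awareness": 3, "Process Maturity": 4,
        "Security Culture": 5, "Technical Controls": 7,
        "Incident Response": 6, "Organizational Resilience": 8,
    }
    print("SESA score:", sesa_score(sample))
    print("Remediate first:", remediation_priority(sample)[:2])
```
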
Attack Library

Technique Taxonomy

MITRE-aligned categorization of social engineering techniques with psychological levers, indicators, and mitigations.

20 techniques


Human Factors

Psychological Levers

Understanding the cognitive biases and psychological principles that social engineers exploit.

Authority

Tendency to comply with perceived authority figures.
Exploitation: impersonating executives, law enforcement, or IT administrators.
Defense: verification procedures, out-of-band confirmation.

Urgency

Reduced critical thinking under time pressure.
Exploitation: creating artificial deadlines and crisis scenarios.
Defense: pause procedures, escalation protocols.

Trust

Reliance on established relationships and familiarity.
Exploitation: impersonating known contacts, exploiting vendor relationships.
Defense: verification for sensitive requests, a trust-but-verify culture.

Fear

Compliance driven by the threat of negative consequences.
Exploitation: account suspension threats, job threats, legal threats.
Defense: reporting culture, escalation without fear.

Helpfulness

Natural inclination to assist others.
Exploitation: requesting assistance with seemingly innocent tasks.
Defense: security awareness about helping strangers.

Reciprocity

Obligation to return favors.
Exploitation: providing small gifts or help before making requests.
Defense: awareness of reciprocity manipulation.

Social Proof

Following the actions of others.
Exploitation: "Everyone else does this", "Your colleagues approved".
Defense: independent verification, questioning group actions.

Scarcity

Increased value perception of limited availability.
Exploitation: limited-time offers, exclusive access.
Defense: pause before acting on scarcity claims.

Adversary Classification

Threat Actor Tiers

Understanding adversary capabilities helps calibrate defensive investments and assessment rigor.

Tier 1: Opportunistic

Low-sophistication actors using widely available tools and techniques.

  • Resources: Minimal - public tools, basic scripts
  • Sophistication: Low - template-based attacks, mass targeting
  • Examples: script kiddies, bulk phishing operators, credential stuffing

Tier 2: Organized Criminal

Professional criminal organizations with dedicated SE capabilities.

  • Resources: Moderate - purchased infrastructure, specialized tools
  • Sophistication: Medium - targeted campaigns, pretext development
  • Examples: BEC gangs, ransomware groups, financial fraud rings

Tier 3: Advanced Persistent

Sophisticated actors with long-term objectives and significant resources.

  • Resources: Significant - custom tooling, dedicated personnel
  • Sophistication: High - extended reconnaissance, multi-vector attacks
  • Examples: APT groups, industrial espionage, competitive intelligence

Tier 4: Nation-State

State-sponsored actors with unlimited resources and strategic objectives.

  • Resources: Unlimited - full intelligence capabilities, insider placement
  • Sophistication: Very High - years-long operations, physical-cyber convergence
  • Examples: intelligence agencies, state-sponsored groups, strategic espionage

Engagement Types

Operational Modes

SEF supports two distinct operational modes based on organizational objectives and risk tolerance.

Assessment Mode (Low Risk)

Controlled testing to measure susceptibility without causing harm.

Scope

  • Phishing simulations
  • Vishing assessments
  • Physical access testing
  • OSINT analysis

Deliverables

  • SESA score
  • Gap analysis report
  • Remediation roadmap
  • Training recommendations

Operations Mode (High Risk)

Full-scope red team operations simulating real adversary behavior.

Scope

  • Multi-vector campaigns
  • Physical intrusion
  • Objective achievement
  • Persistence testing

Deliverables

  • Attack narrative
  • Compromise evidence
  • Detection gap analysis
  • Control effectiveness report

Foundation

Human Layer Threat Modeling (HLTM)

HLTM is the foundation of SEF, providing systematic identification of human-centric attack surfaces before assessment begins.

Step 1: Asset Identification

Mapping personnel with access to critical systems, data, or decisions.

  • Key personnel list
  • Access matrix
  • Value assessment

Step 2: Threat Mapping

Identifying likely adversaries and their human-targeting capabilities.

  • Threat actor profiles
  • Capability assessment
  • Historical TTPs

Step 3: Vulnerability Analysis

Assessing organizational susceptibility to social engineering.

  • Cultural factors
  • Process gaps
  • Training deficiencies

Step 4: Attack Path Modeling

Designing likely attack chains targeting human vulnerabilities.

  • Attack trees
  • Kill chains
  • Success probability

Coming Soon

Adversarial Minds

The Psychology of Social Engineering

A comprehensive exploration of social engineering psychology, techniques, and defenses. This book provides the theoretical foundation for the SEF methodology.

01 The Psychology of Compliance
02 Cognitive Biases in Security
03 The Gap Model
04 HLTM Methodology
05 SESA Framework
06 Technique Taxonomy
07 Defense Architecture
08 Building Resilience

Free Download

Download the Complete SEF (PDF)

Get the full tactical blueprint including threat matrices, SESA worksheets, assessment checklists, and implementation guides.

  • Complete SESA scoring worksheets
  • Technique taxonomy with mitigations
  • Phase-by-phase implementation guide
  • Threat actor response matrix


About the Author

Kai Aizen is a GenAI Security Researcher specializing in adversarial AI, social engineering, and human-layer security. He is the creator of the AATMF and SEF frameworks and author of Adversarial Minds.