Compliance drivers in social engineering

In social engineering and pen testing, you need to think about compliance.

Organisations have compliance requirements, and if they don’t follow them, they have to pay large penalties. It may also be your job to make things run in a compliant manner and to ensure that everyone follows the requirements.

If employees aren’t aware of the requirements, they won’t follow them unless they accidentally cause something first, which is reactive, not proactive.

When you are doing a security assessment, review the procedure and see whether it has any flaws and how to improve it.

E.g. ID card and who can access what.

Document everything, and find the documentation that you need, so request it from the right people.

Are people really following procedure, or just being silly goobers and turning a blind eye? (Essentially ignoring policy and taking it for granted, more common than you’d think!)

If you find gaps, you can see which attacks could happen. Show them to the employees and the organisation, and they’ll be more aware and more cautious.

Development