Social engineering can be difficult to deal with. People inherently want to give out information, especially to Human Resources or the executives. Ira Winkler and Brian Dealy have written an excellent paper, available here. In this article, I want to unpack some of the security implications, and reiterate the “lessons learned” for my readers.