Publication Date



The goal of this research is to describe an active learning opportunity that was conducted as a community service offering through our Center for Cybersecurity Education and Applied Research (CCEAR). As a secondary goal, the participants sought to gain real world experience by applying techniques and concepts studied in security classes. A local insurance company tasked the CCEAR with assembling a team of students to conduct penetration testing (including social engineering exploits) against company personnel. The endeavor allowed the insurance company to obtain information that would assess the effectiveness of employee training with regard to preventing the divulgence of sensitive information. The team of students assembled organized, planned and executed all penetration testing. This academic opportunity allowed the students to build experience transacting the social engineering while laying the groundwork for future projects that will allow additional students to build and expand the process outlined in this study.