About Chris Bollerud
Chris Bollerud is Chief Information Security Officer at AppZen, an AI-powered autonomous finance platform, where he has matured the security program from early-stage foundation to enterprise-grade, achieving six concurrent compliance certifications while reducing sales cycle friction from 20% of deals blocked to under 5%. With over 20 years of software engineering experience, including designation as an HP Master Engineer (top 5%) with a patent for process monitoring innovation, he combines deep technical credibility with business acumen (MBA, CISSP, CISM) to drive security as a business enabler.
Detecting Signals in the Noise of Social Engineering
As social engineering becomes more refined, the traditional “rule-based” simulations of the past are no longer sufficient. The core topic addressed here is the emergence of patterns in refined hacking attempts. While a “one-shot prompt” might be dangerous, it is in the repeated, multi-directional social engineering attempts that patterns emerge, allowing AI to detect signals that a human might miss. This session explores how security can act as a strategic enabler by embedding intelligence directly into business workflows to catch these sophisticated threats.
Key Quotes:
- “Security should act as a business enabler, not a bottleneck.”
- “Awareness is always going to be the most important thing you can do with your user base.”
- “We need to do all these pieces together holistically. No one of them is going to work by itself.”
Layered Defense and High-Value Targets
Chris challenges the notion that non-technical employees are always the most vulnerable. Instead, he identifies those with high-level access—such as accounting departments—as prime targets. He shares that he frequently visits the accounting team to joke about requests for bank account changes, which serves as a form of informal training to keep them vigilant against business email compromise.
According to Chris, attackers are shifting away from company devices, preferring “friendly communications” via SMS, Facebook, or LinkedIn to build false trust with employees. To counter this, he advocates for a “defense-in-layers” strategy. This holistic approach includes email protection to prevent the initial click, a secondary review process for links, and mandatory Multi-Factor Authentication (MFA) to ensure that credentials alone are not enough for a breach. He also encourages the use of “back channels,” where employees verify suspicious requests through a second internal platform like Slack or Teams rather than replying to the original communication.