Article · Wikipedia archive · Last revised Jun 13, 2026

Certified social engineering prevention specialist

Certified Social Engineering Prevention Specialist (CSEPS) is a social engineering security-awareness training and professional certification program originally developed by Kevin Mitnick and Alexis Kasperavičius.

Last revised
Jun 13, 2026
Read time
≈ 2 min
Length
425 w
Citations
17
Source
Wikipedia ↗

Certified Social Engineering Prevention Specialist (CSEPS) is a social engineering security-awareness training and professional certification program originally developed by Kevin Mitnick and Alexis Kasperavičius.123

Course structure

The original CSEPS program was structured as a multi-module corporate security-awareness course designed to teach employees, managers, and IT personnel how social engineers manipulate human behavior to bypass technical security systems.4

The curriculum combined case studies, psychological analysis, attack demonstrations, pretexting exercises, and operational security scenarios.5

The course materials described social engineering as the exploitation of "the human factor" in information security and argued that traditional technical defenses alone were insufficient to protect organizations from deception-based attacks.4

The training program was divided into instructional modules covering topics such as:

  • social engineering methodology and threat analysis
  • intelligence gathering and reconnaissance
  • dumpster diving
  • pretexting
  • elicitation technique
  • telephone-system exploitation and caller-ID spoofing
  • psychological influence techniques
  • industrial espionage
  • identity theft
  • organizational vulnerabilities
  • security policy development and employee awareness training653

The course also analyzed historical and contemporary case studies involving information theft, corporate espionage, fraudulent wire transfers, and telephone-based impersonation attacks.4

Training exercises required participants to analyze how attackers established credibility, manipulated trust, overcame objections, and exploited organizational procedures.5

According to The Wall Street Journal, CSEPS was delivered as a two-day "boot camp" course costing approximately US$1,500 per attendee.1 Clients reportedly included the United States Air Force and the United States Marine Corps.1

The certification examination included multiple-choice and written-response sections dealing with social-engineering defense scenarios and mitigation strategies.2

History

In 2003, Mitnick and Kasperavičius partnered with the Florida-based IT training company Intense School Inc. to offer CSEPS classes throughout the United States.1

In 2020, Mitnick partnered with security-awareness training company KnowBe4, and elements of the original CSEPS material became incorporated into KnowBe4's social-engineering awareness training offerings.78

References

References

  1. "Ex-Hacker Kevin Mitnick Teaches From Experience". The Wall Street Journal. October 15, 2003. p. B1.
  2. Gray, Patrick (June 6, 2005). "A Tale of Two Hackers". Wired. Archived from the original on June 8, 2005.
  3. Kotadia, Munir (13 April 2005). "Human firewall a crucial defence". ZDNet. CBS Interactive. Archived from the original on 23 October 2019. Retrieved 3 June 2026.
  4. CSEPS Training Workbook – Module 1: Understanding Social Engineering. Defensive Thinking, LLC. 2003. pp. 1–15.
  5. CSEPS Training Workbook – Module 3: Pretexting and Execution. Defensive Thinking, LLC. 2003. pp. 1–16.
  6. CSEPS Training Workbook – Module 2: Planning the Attack. Defensive Thinking, LLC. 2003. pp. 1–14.
  7. "Kevin Mitnick Partners With KnowBe4" (Press release). PR Newswire. June 12, 2012.
  8. Sjouwerman, Stu (July 16, 2020). "I hired an infamous hacker—and it was the best decision I ever made". Fast Company.