Presentation: Securing Code through Social Engineering

Duration: 5:25pm - 6:15pm

Abstract

The weakest link in a security chain is often between keyboard and chair. As humans, we have a natural instinct to trust someone's word, and although various technical means have been developed to cope with security threats, human factors have been comparatively neglected. As the infosec industry matures, security attacks rely more on targeting people personally, often through social engineering. People can't be fixed the same way a bug in your software can: they can't be maintained and they can't always be trusted. As software developers, we spend a lot of time designing, perfecting and testing code. We're taught to anticipate the behavior of a user and interact with it accordingly, a sort of trust between the end user and our creation. However, security vulnerabilities often stem from attackers finding the unexpressed possibilities in code and challenging the edge cases, constantly asking "what if I do this?". In this talk I will explore what software developers are overlooking and examine the processes and technical controls that can be used to achieve a strong social engineering defense. Let me turn the tables and show you how social engineering should change the way we weave security into our testing, operations, and development workflows, and how it can be used to better secure code against human threats.

Monday Nov 16

Tuesday Nov 17

Wednesday Nov 18

Conference for Professional Software Developers