
Book Review - Social Engineering: The Art of Human Hacking


I finished reading this highly recommended book last week, and then I read it once more. Not having any practical experience with the subject of the book, I was mostly interested in the behavioural/psychological side of things, I guess. Consequently, I found the sections on physical tools or NLP a little out of place, even if they can really be eye-opening to some. Just saying. I'll also say that I won't comment on how legal impersonating a police officer is. :-)

The writing style starts off as highly technical, a real carpet-bombing of facts. At no point during the first few chapters will the book try to spark an original thought from you, or back itself up with evidence. The author (Chris Hadnagy, a well-known speaker on the subject of social engineering) admits that many of the ideas in the book deserve a lot more attention. To be fair, the book is focused on the pen-testing point of view: elicitation, deception and other ways to punch a deeper hole in your customer's defences. If you come from a technical computing or pen-testing background, then you can learn much from this book about using human skills alongside code cracking. Once you get past the first couple of chapters, the tone lightens up, which, together with the great illustrations, improves readability, and the book gives you an interesting and enlightening look into areas you may not have considered relevant before. But if you already have previous training or knowledge of psychology, don't expect to come away with many gems from this book. Most of it has already been said - you may find it nice to have most of it in one place, though.

Another reflection of the focus on penetration testing is that, for the most part, people are viewed as the problem rather than the solution (I especially noted and agreed with the part where Hadnagy writes that a bunch of paranoid people won't solve any problems; instead we should educate and promote critical thinking). While our psychological nature may be easily exploited, a penetration tester should be careful not to distance her work from the people it concerns; it is that very nature that will help the empathizing pentester guide and drive positive changes in an organization's structure, policies and so on. Exploiting people to make organizations secure? Why not? Maybe that should be Hadnagy's next book.

I'd like to see some sections analyzed or researched in more detail. One particular example is the chapter on "Interview and Interrogation", an area which is very rich both practically and academically.

With the plethora of books already available on software and hardware security, this book is a wonderful introduction to the X factor. I'd say it's a great starting point that presents an overview of themes and concepts extending from the narrow viewpoint of penetration testing all the way to everyday life, but those who need a deeper view will have to turn to the psychology literature, which is much more complete.