If you have not been able to attend one of his seesion, make sure you check the calendar of upcoming Users Groups, it will be worth the effort trust me.
Trace Security does the big hacking efforts, but they find attacking the company at the people level.
Jim shared an example of using a scripted attacks, hinding it within in Hallmark greting card. It is amazing the way they have it setup to spoof ecards to targeted companies they are paid to attack. He shared how they could take over machines that have web cams on them and actually see from it within the a target facility. Also how no 'real' hacker hacks at 3am in the morning. You do it during the day at busy times within the network, make the admins work for the traces.
Are you aware of Vishing? Evil Do'ers call your members and leave a message ask for them to call back at 800 number then force them to verify themselves to the caller.
What can u do? Member Awareness, don't send phone numbers in email, Shred Shred Shred. Jim's wisdom of the day: if your staff has to walk more than a few steps to shred, there is always a chance they aren't.