Man On The Run

by Chris Warren

The short answer is, yes, there are holes. "There has never been a client who has hired us that we couldn't break," he says.

Once Mitnick and his colleagues find security lapses, they work with companies to fix them - a process called "hardening" - and train employees to thwart hackers. Mitnick insists that, although it's commonly thought to be largely a technical issue, true company security involves a variety of elements, people being the most important. That's because social engineering, a fancy term for manipulating people to get information, is so effective.

In some of his classes, which are held over two days, Mitnick demonstrates how social engineering works by way of a little ploy the night before the first session. Students in the class will get a call at one a.m. in the hotel where they're staying from someone claiming to be from the front desk. The person on the phone tells the sleepy guest that his credit card didn't go through and that he needs to come down and sort the matter out. Naturally, most people don't want to do that. No problem. The front desk generously offers to send someone right up to get new credit card information and a signature. Just like that, an identity thief has all the information he needs - a fact that class members are made aware of when they're handed their own signature and credit card info the next day in class.

In Mitnick's view, defending against social engineering - which takes building both awareness and resistance to all of the common scams - is every bit as important as installing the very best technology; indeed, if an employee decides to use his own name as a password to get into a company's computer system, or simply writes it down and tapes it to his screen, there's not going to be much protection. "If you have all the best technology in the world but your users are giving out their authentication credentials, all that money is wasted," says Mitnick.
