What an Analyst Finds in 60 Minutes
Before your morning briefing ends, an adversary using nothing but open sources has already mapped your home address, your family, your travel patterns and three of your old passwords. Here is the exact sequence.
The clock starts at a name
Every exposure assessment we conduct begins with a single input: the subject's full name and the country they operate in. Nothing else. No insider access, no purchased data, no network intrusion. What follows is what any motivated individual with a browser and two hours can produce.
The average European executive has no reliable picture of what this produces. They assume professional separation protects them. It does not. The exposure is structural — built into the way modern internet infrastructure, commercial registries and social platforms function.
Step 1 — Identity anchoring (0–10 min)
The first objective is to anchor the subject's identity across platforms: confirm the correct individual, identify their most active digital presence and locate any public identifiers that will serve as keys to deeper lookup.
In the Netherlands, the KvK (Chamber of Commerce) is a primary OSINT resource. Company registrations list director home addresses by default. Many executives are unaware their private address is legally required — and publicly searchable — at the time of registration, and remains so for years after changes are filed.
Step 2 — Social graph construction (10–25 min)
The subject's name now becomes a node. The objective is to map edges: who connects to them publicly, what those connections reveal, and where those individuals have lower operational security than the target themselves.
- LinkedIn connections and endorsers — endorsements confirm working relationships the subject has not publicly disclosed.
- Tagged photographs — conference appearances, charity events, and board dinners locate the subject physically and temporally.
- Family members' public accounts — children's school activities, a partner's check-ins, a sibling's public Facebook post showing a family home.
- Personal assistant and security staff — their LinkedIn profiles list their employer, often with a photograph of their principal's vehicle or premises.
Step 3 — Credential exposure check (25–35 min)
Using the confirmed email address and any email variants found via permutation, we query breach databases. The average European executive whose career spans more than fifteen years has appeared in at least three major data breaches — most commonly LinkedIn (2012), Adobe (2013) and a hotel or travel loyalty programme breach.
The plain-text password recovered from a hospitality breach in 2019 is still in use — confirmed by a password reset prompt on one of the subject's active accounts that rejected it as "current password." This is not unusual. It is routine.
Step 4 — Physical pattern of life (35–50 min)
Geospatial intelligence from open sources is underestimated. Photographs with EXIF metadata intact, Strava activity from a family member, Google Maps reviews left from a home address, and conference schedules published months in advance together establish a predictable pattern of physical presence.
We do not need persistent surveillance to establish where a subject is on a Tuesday morning. Their public calendar, their LinkedIn activity and two Instagram posts from a spouse provide that with statistical reliability.
Step 5 — Document and filing trail (50–60 min)
Court records, property filings, shareholder announcements, investor presentations and regulatory disclosures are indexed by Google and archived indefinitely. A board seat disclosed in a 2018 Scandinavian IPO prospectus — since resigned — still appears in cache. A 2014 court filing in a commercial dispute lists a private telephone number.
At the 60-minute mark, a competent analyst has: confirmed home address, three previous addresses, full family structure, employment history including undisclosed roles, two active email addresses, four breached passwords, a predictable travel schedule and four entry points for social engineering. All from public sources. All legally obtained.
What this means operationally
The purpose of this reconstruction is not to alarm. It is to recalibrate. Most executives operate as though their digital footprint is managed — because they have never seen it assembled. The assembly takes an hour. The footprint took fifteen years to create.
Remediation is possible, and it is methodical. Not every data point can be removed. But the attack surface can be significantly reduced: data broker opt-outs, KvK privacy shield applications, EXIF scrubbing, and credential hygiene cut the operational intelligence value of a profile by 60 to 80 percent.
The question is not whether your exposure exists. It does. The question is whether anyone has shown it to you.
See your own profile before an adversary does.
Our 60-minute exposure assessment delivers exactly what this briefing describes — from the attacker's perspective, with a closed-gap action plan attached.
Request intake