Three steps. No noise.
Every engagement follows the same disciplined methodology — the same one a real adversary would use, applied to your benefit.
Collection
Systematic open-source intelligence gathering across public registries, breach data, social platforms, geospatial sources, and corporate filings. We map the full surface before analysis begins.
Analysis
Raw data becomes finished intelligence. We model the most likely attack and the most dangerous one — so you know what to close first.
Delivery
A structured intelligence report — sourced, calibrated, actionable. What is exposed, what it enables, and what you close in the next 48 hours. Delivered encrypted. Destroyed after confirmation.
The output is not a security scan. It is finished intelligence: the analyst's judgement on what an adversary would prioritise, and why. GDPR-native. European methodology. No data leaves your control.
Built for principals with something to protect.
Our work is not for everyone. We operate within a defined client profile and maintain selective intake to preserve analytical quality.
Executives
C-suite and board-level principals at European companies — particularly those with public profiles, M&A activity, or operational security mandates.
Entrepreneurs
Founders and investors whose personal identity is inseparable from their business — and whose exposure therefore carries direct commercial risk.
High-net-worth individuals
Private individuals whose lifestyle, assets, or family situation creates a target profile — often without their awareness.
Family offices
Organisations responsible for the security of a principal and extended household. We work directly with security directors and estate managers.
Three levels of exposure management.
All engagements are scoped during the initial briefing. Pricing is not published — it is discussed after fit is established.
Exposure Audit
- Individual executive — single principal
- 16 exposure categories
- Breach data and data broker mapping
- 5-day delivery
- Structured PDF report
- Closing briefing call
Full Assessment
- Principal + household + key associates
- Extended attack chain analysis
- MLCOA / MDCOA adversary modelling
- 10-day delivery
- Report + executive summary
- Two briefing sessions
Retainer
- Continuous monitoring cadence
- Quarterly full reassessments
- Incident-triggered rapid review
- New exposure alerting
- Dedicated analyst access
- Annual threat landscape briefing
See the output before you decide.
We have produced a full-engagement sample report — a complete digital exposure audit of a fictional executive, using our standard methodology.
The complete report covers all 16 exposure categories, with adversary modelling, risk matrix, attack chain narrative, and prioritised recommendations.
Download the full sample report (PDF) →Frequently asked.
Exclusively open-source intelligence (OSINT): public registries, breach databases, social platforms, geospatial data, WHOIS records, corporate filings, news archives, and data broker aggregators. We do not use hacking, intrusion, or any non-public access method.
Yes. All methods are limited to publicly available information — the same sources any journalist, recruiter, or adversary could legally access. We operate within EU jurisdiction and comply with GDPR throughout the engagement lifecycle.
Reports are delivered encrypted via a time-limited secure link. After your confirmation of receipt, our copy is permanently deleted. We do not retain client data beyond the engagement window — by design and by policy.
A Level I Exposure Audit is delivered within 5 business days of intake confirmation. Level II Full Assessment takes 10 business days. Retainer cadences are agreed during the contract phase — typically quarterly reassessments with continuous monitoring between them.
Our primary operating area is NL, DE, AT, CH, and GB. We can assess principals based elsewhere, but our methodology is optimised for European exposure infrastructure. Contact us to discuss your specific situation.
One person. No juniors. No outsourcing.
Every OF-PRO engagement is conducted personally by a single analyst — from first contact to final report. No delegation. No automated output dressed as intelligence.
- Military veteran — verkenner, armed forces background
- Close Protection Officer, CPO Level 4
- OSINT methodology — structured, source-documented, reproducible
- GDPR-native approach — data minimisation by design, EU jurisdiction
- Solo operator — one analyst, one methodology, full accountability
If that matters to you — that the person reading your brief is the same person who wrote the report — that is why OF-PRO exists.
Apply for intake.
A 30-minute conversation. No pitch. We establish whether there is a fit — and what the engagement looks like.