OSINT Exposure: What a Bad Actor Learns About You in 30 Minutes

The dossier a stranger can build in half an hour.

Open-source intelligence, or OSINT, is the structured collection and analysis of publicly available information. Originally a discipline of intelligence agencies and investigative journalism, OSINT is now a tool available to anyone with an internet connection and 30 minutes.

For most executives, major donors, and public-facing leaders, what a stranger can learn from publicly available sources in half an hour is surprising. Home address (often precisely). Family member names. Vehicle make and model. Travel patterns. Business relationships. Political affiliations. Religious involvement. Health information, sometimes. Daily routines.

The first step in managing this exposure is knowing what it actually is. That is the purpose of an OSINT review.

What ends up in the dossier.

A competent OSINT review pulls from many sources, combining them into a single picture.

Public records

Property records, which often reveal exact residential address Business filings and ownership information Voter registration (in states where it is accessible) Court records, including divorce and probate Permits and licenses, which reveal activities and addresses Charitable gift records for tax-deductible contributions above threshold amounts

Social media

Personal accounts, including those thought to be private Family member accounts, which often tag the executive Posts with geotag metadata Photo metadata (EXIF data) when posted platforms do not strip it Connections and followings that reveal professional and social networks

Professional profiles

LinkedIn profiles with job history, board positions, and locations Corporate bios on organizational websites Press releases and news coverage Speaking engagement announcements Published papers, articles, or public statements

News and press coverage

Local and national news articles Community event coverage Society page appearances in regional publications Nonprofit press releases acknowledging major donations Political campaign disclosures

Data broker aggregations

Companies like Spokeo, BeenVerified, and WhitePages aggregate public records into searchable profiles. These aggregations often include contact information, addresses, and family relationships inferred from public records.

Public facing business data

Professional licenses SEC filings for executives of publicly traded companies Corporate board listings Nonprofit 990 filings (for organizations filing Form 990, executive compensation is public) Real estate listings showing current or past residences

The dossier components that matter most.

Not every piece of public information is equally significant. The high-leverage categories:

Residential address

The single most important piece of information to protect. An adversary who knows where you live can plan accordingly. Address exposure often comes through:

• Property records directly
• Social media posts showing home exteriors, views, or identifiable architectural features
• Voter registration
• Old news articles mentioning “of [specific neighborhood]”
• Data broker profiles aggregating multiple sources

Address can often be substantially obscured through deliberate effort. LLC ownership of property. Trust structures. Mail services. Deliberate cleanup of data broker profiles. The work is procedural, not dramatic.

Family member identification

Children especially. The names, ages, school identification, and activity patterns of children are commonly exposed through:

• Social media posts by parents, relatives, or the children themselves
• Nonprofit or sporting organization directories
• School-related news coverage (graduation announcements, honor rolls)
• Church or community organization publications

Reducing family member exposure usually involves conversation with family members, cleanup of past posts, and ongoing discipline about what is shared publicly.

Daily routine

Routines are harder to eliminate from exposure because much of the pattern is observational rather than document-based. The same person arriving at the same coffee shop at 7:15 AM every weekday is a visible pattern regardless of any online footprint.

Routine protection is more about varying patterns and being aware of who is watching than about scrubbing data. For executives with serious threat profiles, routine randomization is a specific practice.

Financial and philanthropic exposure

Major gift recognition, board service, foundation involvement, and significant real estate transactions all carry financial visibility. The visibility is often valued (recognition, influence, community connection) and not something executives want fully eliminated. Management involves thoughtful choices about which recognition patterns to accept and how to manage the visibility those choices create.

The review process.

A professional OSINT review typically follows a consistent structure.

Phase 1: Collection

Systematic search across the categories listed above. The collection is comprehensive, using professional tools and established techniques. What an adversary might find with 30 minutes of effort, the review finds in much more depth.

Phase 2: Analysis

The collected information is organized into a profile. Specific exposures are identified. The profile is presented in a way that shows the executive how the information fits together, not just as a list of individual data points.

Phase 3: Recommendation

For each identified exposure, a specific recommendation. Some exposures are cheap to eliminate. Others require deliberate multi-step work. A few are essentially impossible to remove and require protective countermeasures instead.

Phase 4: Cleanup

The actual work of removing or reducing exposures. Some can be done directly by the executive (adjusting privacy settings, removing specific posts). Others require professional services (data broker removal, trust restructuring for property ownership). Still others require family member participation.

Phase 5: Monitoring

OSINT exposure is not a one-time state. New information is constantly created. New platforms emerge. New posts are made. A serious OSINT program includes ongoing monitoring for new exposures that arise over time.

The specific cleanup targets.

Common cleanup priorities, roughly in order of impact-to-effort ratio:

• Remove personal addresses from data broker sites (Spokeo, BeenVerified, WhitePages, and 30-50 others)
• Review and tighten privacy settings on all social media accounts for the executive and family
• Remove or sanitize old posts with geo-tagged locations or identifying content
• Review LinkedIn profile for over-sharing of location, role details, and specific responsibilities
• Update voter registration address if state law permits (some states allow P.O. box registration)
• Consider LLC or trust ownership for residential property, especially for new purchases
• Review corporate bio and press release patterns for unnecessary personal detail
• Refresh privacy settings annually as platforms change defaults

Most of these actions are individually simple. Their combined effect is substantial.

The verse addresses the trust of keeping sensitive information private. In the modern context, the executive’s personal information is sensitive. Managing who has access to it, deliberately and carefully, is a form of stewardship. OSINT hygiene is the operational expression of that stewardship.

The Southwest Florida specifics.

Regional considerations for OSINT review:

• Florida property records. Florida property records are relatively accessible through county property appraiser websites. Ownership structures that use LLC or trust entities are common for higher-value properties and provide some address obscuring.
• Florida Sunshine Law. Florida has strong public records law, which means some information that is harder to access in other states is more accessible here. The review should account for this.
• Seasonal residency. Many executives in the region maintain properties in multiple states. Each property has its own OSINT exposure, and the cross-state pattern can itself be informative to adversaries.
• Active local press. Naples, Fort Myers, and Marco Island have active local press coverage of community events. The frequency of social and philanthropic event coverage means executives often have more regional press footprint than they realize.

The conversation before the work.

For executives considering an OSINT review, the starting point is a confidential conversation about what you want to accomplish. Some executives want a complete picture and full cleanup. Others want a targeted review of specific concerns. Some want ongoing monitoring. Others want a one-time baseline.

The engagement is tailored to what you actually want. We do not push maximum effort for its own sake.

If you are an executive, major donor, or family principal in Fort Myers, Cape Coral, Naples, or Port Charlotte and you want to know what is actually findable about you right now, we would be glad to have the conversation. The work is discreet, the findings are often surprising, and the cleanup that follows materially reduces exposure over time.