I’m writing this as much for me as for you. After watching what’s possible with Open Source Intelligence (OSINT) firsthand and reading Michael Bazzell’s work, I realized I need to seriously rethink my privacy. This is what I’m learning about how people gather intelligence using publicly available information, and what I’m doing about it.
Table of contents
Open Table of contents
What I learned at DEF CON
Watching a teenager dominate a capture-the-flag challenge at DEF CON’s Wall of Sheep is something you don’t forget. If you’re not familiar, the Wall of Sheep publicly demonstrates poor security practices in real-time. The organizers passively sniff unencrypted network traffic on public Wi-Fi and display credentials, passwords, and security failures for everyone to see. Educational and terrifying in equal measure.
This kid was surrounded by military contractors, cybersecurity professionals, and seasoned hackers twice his age. While everyone else searched aimlessly through packet captures, he was already deep in layer 7, reconstructing TCP streams, isolating command-and-control callbacks, and spotting a malformed DNS query that pointed to an exfil server hidden in plain sight. His fingers flew over the keyboard with calm precision.
He found it. The rest of us were still trying to figure out what we were looking at.
That experience sent me down the OSINT rabbit hole. I picked up Michael Bazzell’s books and started listening to his podcast at IntelTechniques.1 If you’re serious about understanding open source intelligence, Bazzell is the gold standard. He’s a former government intelligence expert who actually knows what he’s talking about, not just another cybersecurity talking head. His approach helped me understand these concepts in practical, actionable ways.
Here’s the thing: that’s exactly why OSINT matters. The younger generation isn’t just getting smarter and faster at finding information. They’re already better at it than most of us. Unlike the movie Hackers where they needed to physically break into buildings and use payphones, today’s threat actors can gather intelligence from their couch using publicly available data.
What OSINT actually is (briefly)
OSINT is the practice of collecting and analyzing publicly available information for intelligence purposes. In cyber security, that means finding out what attackers could learn about you, your company, or your infrastructure before they use it against you.
Social media profiles. Public records. DNS records. Job postings that mention your tech stack. Conference talks. GitHub repos. All of it is data, and all of it tells a story to someone who knows how to read it.
The goal is simple: find what attackers would find about you, but find it first.
The limits: why OSINT can’t save you from bad hygiene
The 2014 Sony Pictures hack is a perfect example. The attackers used advanced malware that evaded Sony’s antivirus and exploited terrible internal practices. Weak passwords stored in files literally named “Computer Passwords.” Inadequate network segmentation. Years of emails sitting accessible on servers.
OSINT tools helped attribute the attack to North Korea afterward by analyzing metadata, language settings in the malware, and digital footprints. But no amount of external intelligence gathering could have prevented an attack that succeeded because of Sony’s own internal failures.
This highlights something important: OSINT gives you visibility into your external attack surface and helps with threat intelligence, but it doesn’t replace fundamental security hygiene. If your passwords are stored in a file called “Computer Passwords,” no tool is going to save you.
What I’m actually doing about it
This is the part that matters to me. I learn best by writing things down and actually doing the work.
The world’s gotten complicated. You can face real threats just from parking in front of the wrong house, or from someone who decides they hate you enough to dox you online. Whistleblowers deal with paid adversaries hunting them down. The reality is you can’t stop determined government agencies or truly skilled threat actors. But you can make it significantly harder for people with bad intentions to find you, your family, or your organization.
Here’s what I’m working on:
Auditing my own digital footprint. What comes up when you Google me? What’s in public records? What have I posted on social media that I shouldn’t have? The answers were more uncomfortable than I expected.
Reading Bazzell’s books cover to cover. His privacy and OSINT workbooks walk through the practical steps. Not theoretical “you should care about privacy” advice. Actual checklists for reducing your exposure.
Treating this as an ongoing practice, not a one-time fix. Every new account, every new app, every social media post changes your attack surface. Privacy isn’t a project with a finish line.
Teaching my kids about it. (This is the dad in me talking.) They’re growing up digital and they don’t think twice about what they share. That kid at DEF CON was their age. If teenagers can do this level of intelligence gathering, other teenagers can too.
Understanding OSINT isn’t just about offense. It’s about knowing what information about you is already out there and taking practical steps to reduce your exposure. That’s why I’m documenting this journey. If you want to protect yourself, start by understanding how others can find you.
This is the first post in what will probably be a long series. More to come as I work through Bazzell’s material and apply it to my own life.