OPSEC for Real Life (No Fiction, Just Facts)

This week, I thought it would be fitting to talk about OpSec.
We spend so much time talking about doing #OSINTforGood and conducting research ethically that sometimes we forget to talk about our own operational security.
So, let's break it down then.
What is OpSec?
Operational Security—originally a military term—is now used across industries to describe the process of safeguarding sensitive information.
But what does that mean in the context of conducting open-source intelligence?
While we work to help keep others safe, we also have to keep ourselves safe. We need to be mindful of what we disclose—and where. Always be conscious of what you share online, including your whereabouts, personal life, and relationships.
[Cue the tinfoil hat]
OpSec in Investigations
You shouldn’t be checking out a target while logged into your personal Facebook.
Not a good idea.
You could end up in their “Suggested Friends” list. And once you’re exposed, your entire investigation may be compromised.
See where I’m going with this?
Protecting your privacy isn’t just a side task—it’s part of the job.
So How Do You Actually Do That?
It depends. Your target and the type of investigation you’re doing determine the level of risk—and how strong your OpSec needs to be.
What does bad OpSec look like?
- Using your personal email to create a sock puppet account
- Clicking unknown links without checking them in VirusTotal or a sandbox
- Posting selfies or images in real time (especially if you’re trying to stay hidden)
- Letting your sock puppet follow your real interests—or worse, your real account
(Trust me, I could go on. There’s a lot.)
Quick OpSec Wins
- Use separate emails and social media accounts for investigations
- Work inside virtual machines (VMs)
- Strip metadata from images before sharing or uploading
- Test your own digital footprint
- Avoid using your main browser for investigative work
- Use VPNs
(These are quick wins. We can go deeper—but not today.)
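For the "strip metadata" item above, here is an added example (not part of the original post) of what stripping actually removes from a JPEG: it walks the file's header segments and drops EXIF/XMP, other application blocks, and comments while keeping what is needed to render the image. The names `strip_jpeg_metadata`, `_seg` and `SAMPLE` are made up for this sketch, and the sample bytes are constructed rather than taken from a real photo.

```python
import struct

KEEP_APP = {0xE0, 0xEE}        # APP0 (JFIF) and APP14 (Adobe colour transform)
ICC_TAG = b"ICC_PROFILE\x00"   # APP2 segments with this prefix are colour profiles

def strip_jpeg_metadata(data: bytes) -> tuple:
    """Return (cleaned JPEG bytes, list of dropped segment names)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    out, dropped, i = bytearray(b"\xff\xd8"), [], 2
    while i < len(data):
        if data[i] != 0xFF or i + 4 > len(data):
            raise ValueError(f"corrupt segment header at offset {i}")
        marker = data[i + 1]
        if marker == 0xFF:     # fill byte in front of a marker
            i += 1
            continue
        if marker == 0xDA:     # SOS: compressed pixels follow, copy the rest as-is
            out += data[i:]
            return bytes(out), dropped
        (length,) = struct.unpack(">H", data[i + 2:i + 4])
        end = i + 2 + length   # length counts its own two bytes
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {i}")
        payload = data[i + 4:end]
        is_app = 0xE0 <= marker <= 0xEF
        keep = (not is_app and marker != 0xFE) or marker in KEEP_APP \
            or (marker == 0xE2 and payload.startswith(ICC_TAG))
        if keep:
            out += data[i:end]
        else:                  # APP1 = EXIF/XMP (GPS, device, timestamps), COM = comment
            dropped.append("COM" if marker == 0xFE else f"APP{marker - 0xE0}")
        i = end
    raise ValueError("no SOS marker found; truncated JPEG")

def _seg(marker: int, payload: bytes) -> bytes:
    """Build one JPEG segment (helper for the constructed sample only)."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: a structurally valid JPEG header, not a real photo.
SAMPLE = (b"\xff\xd8"
          + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00" + b"constructed GPS + camera tags")
          + _seg(0xFE, b"constructed comment")
          + _seg(0xDB, bytes(65))
          + b"\xff\xda" + b"\x00\x01\x02" + b"\xff\xd9")
```

This only rewrites header segments; the pixels are untouched, so anything visible in the frame still needs a manual look before posting.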
Mindset Shift
Using OpSec well takes time. It’s a learning curve, and that’s okay.
Be patient with yourself. I’ve made plenty of mistakes while figuring it out.
Final Thoughts
Don't know where to start? Start by testing your digital footprint. Where can you make changes? It can be as easy as using a VPN or installing a VM.
I highly recommend reading/referencing Michael Bazzell's Extreme Privacy.
Heads up: the first time I opened it, my brain hurt.
It’s intense—but incredibly valuable. Use it as a reference, not a checklist.
What I’ve Learned (So Far)...
OpSec is for everyone—not just for high-stakes investigations.
It takes time to build strong habits, and the techniques you use will depend on your target and type of research.
But if you’re doing OSINT… you need OpSec.
Now I’m Curious…
- When was the last time you Googled yourself?
- Have you ever accidentally exposed something during an investigation—and caught it just in time?
💬 Drop one OpSec habit you’ve had to improve or a lesson you learned the hard way.