OSINT – “a method of using open source tools to collect information from publicly available sources and then analyse it in order to make a decision or take some action.” (https://www.computerweekly.com/tip/Using-open-source-intelligence-software-for-cybersecurity-intelligence)
curious – “marked by desire to investigate and learn” (https://www.merriam-webster.com/dictionary/curious)
OSINT curious – A desire to learn, investigate, explore, share, and understand the growing field of Open Source Intelligence (OSINT).
Searches and Clicks
As an OSINT teacher (SEC487) and practitioner, I find that, the more I ask questions about the data I find during OSINT work, the richer, deeper, and more successful my assessments. In one of my recent classes, I explained to students that getting results from a search is a fine result. They should also be looking for pivot points (additional data to search on and possibly change the direction of the investigation).
I’ve seen far too many people perform a search and then copy and paste the results into a report without performing the analysis and without looking for additional information.
Being OSINT curious is almost the the opposite of the cyber security ideology “Don’t click shit.” When we see a profile page, we click all the links. We harvest all the data to analyze and refine our work. The more OSINT curious we are, the more we find and collect.
How Can I Be OSINT curious?
You can learn to be OSINT curious. Some of the traits I’ve seen in people that are, are below:
- Inquisitiveness – Always asking questions and trying to find new avenues of inquiry.
- Tenaciousness – Never giving up especially when you may be having challenges finding the data you need.
- Determination/Persistence – People that deliver results no matter what gets in their way.
- Always Learning and Growing – The field of OSINT evolves daily. People share content on new techniques and how they applied some older tool to solve a recent challenge. People that stay engaged and learning succeed.
So I ask you,