Covered

SoHo, NYC · April 24, 2026
An older man in sunglasses, leather jacket, and scarf surveys a crowded city street, his gaze direction hidden behind dark lenses, black and white

OPSEC

You can see him. You don't know what he sees.

OPSEC — operational security — is the practice of denying your adversary the information they need to act against you. Originally a military discipline, it migrated to cybersecurity because the problem is the same: the most dangerous intelligence is often the kind that doesn't look like intelligence. Job postings reveal your tech stack. LinkedIn profiles map your org chart. A press release announces your acquisition timeline. A GitHub commit includes an internal hostname. None of these feel like sensitive disclosures. Together they give an attacker a detailed picture of where to push.

The sunglasses are a countermeasure. His gaze direction is the sensitive data. Whoever is watching can see he's paying attention. They can't see to what.

OPSEC failures are usually mundane. Not a breach, not a leak — just someone posting about a project before it launched, or a file with GPS metadata that shouldn't have been shared, or an answer to a question that seemed harmless. The attacker doesn't need a zero-day when the reconnaissance writes itself.

Present. Unreadable.

Exposed