Covered

SoHo, NYC·April 24, 2026
An older man in sunglasses, leather jacket, and scarf surveys a crowded city street, his gaze direction hidden behind dark lenses, black and white

OPSEC

You can see him. You don't know what he sees.

OPSEC, operational security, is the practice of denying your adversary the information they need to act against you. Originally a military discipline, it migrated to cybersecurity because the problem is the same — the most dangerous intelligence is often the kind that doesn't look like intelligence. Job postings reveal your tech stack. LinkedIn profiles map your org chart. A press release announces your acquisition timeline. A GitHub commit includes an internal hostname. None of these feel like sensitive disclosures. Together they give an attacker a detailed picture of where to push.

The sunglasses are a countermeasure. His gaze direction is the sensitive data. Whoever is watching can see he's paying attention. They can't see to what.

OPSEC failures are usually mundane. Not a breach, not a leak — just someone posting about a project before it launched, or a file with GPS metadata that shouldn't have been shared, or an answer to a question that seemed harmless. The attacker doesn't need a zero-day when the reconnaissance writes itself.

Present. Unreadable.

Exposed