In December 2024, the CEO of one of America's largest companies was shot outside a hotel in midtown Manhattan. His organization had a world-class cybersecurity program. His personal threat exposure — digital footprint, public routine, physical vulnerability — had never been formally assessed. That is not a physical security failure. It is an intelligence failure that preceded the physical moment by years.
Enterprise security programs protect systems. They instrument networks, deploy endpoint agents, build detection rules. What they rarely do is apply the same analytical rigor to the people who run those systems — their digital exposure, their physical routines, their behavioral threat environment. The adversary does not make that distinction. Nation-state actors, criminal groups, disgruntled insiders, and ideologically motivated individuals all understand that the fastest path to an organization is often through the people at the top of it.
Intelligence-led human security applies the same methodology as digital security: know the adversary, know the terrain, close the gap, validate continuously. The terrain, in this case, is human — digital footprint, physical routine, family exposure, travel patterns. The adversary is whoever has intent and capability to harm the principal or the organization through them. The gap is the distance between assumed protection and actual protection.
The default executive exposure profile
🏠
Home address
Property tax records, data brokers
High🏃
Daily routine
Fitness apps, consistent check-ins
High👨👩👧
Family members
Social media, tagged photos
High✈️
Travel patterns
LinkedIn, conference appearances
Medium💼
Professional network
Relationships, org chart, decisions
Medium🌐
Dark web presence
Credential dumps, breach data
Often unknown
Most executives who have had a formal digital footprint assessment are surprised by what is visible from open sources alone — no hacking required. The information that gives an adversary a detailed operational picture of a principal's life is sitting in property records, data broker sites, fitness apps, social media, and LinkedIn. The assessment that reveals this takes hours. The operation it enables takes moments.
The complete intelligence-led protection program
- 01
Executive Threat Profiling
Structured assessment of who has intent, capability, and opportunity to harm this person or organization. TRAP-18 behavioral threat assessment criteria. Not a background check — an intelligence product that identifies specific threat actors and their likely courses of action against this principal.
- 02
Digital Footprint Assessment
What can an adversary learn from open sources alone? Property records, DMV data, social media, fitness apps, professional networks, family members' exposure. A systematic survey of the principal's digital terrain as the adversary sees it — before the adversary completes that survey themselves.
- 03
Continuous Surface, Deep & Dark Web Monitoring
Not a one-time scan. Continuous monitoring for mentions of principals, leaked credentials, threat actor discussion of targets, and data exposures. Especially critical for executives in high-visibility positions, controversial industries, or organizations that have made decisions generating grievance. The threat environment changes — monitoring must be continuous.
- 04
OPSEC & Surveillance Awareness Training
Military OPSEC five-step process applied to key personnel: identify critical information, analyze threats, analyze vulnerabilities, assess risk, apply countermeasures. Critically — train personnel to recognize surveillance: vehicles that reappear on different routes, individuals who mirror movement patterns, digital signals that suggest pre-operational reconnaissance. Know what being watched looks like, and what to do when you recognize it.
- 05
Physical Advance Work & Protection
Before any principal movement: survey the venue, assess approach and departure routes, identify chokepoints and bottlenecks, determine emergency egress options, assess nearest medical facilities. Route variation is standard — same route, same time, same vehicle is a pattern an adversary can exploit. Physical protection is bundled with OPSEC: the advance work is intelligence collection that enables physical security.
- 06
Foreign Travel Protocol
Threat briefing specific to the destination — not a generic State Department summary. In-country: communication security (assume hotel networks are monitored in high-risk countries), device hygiene, contact protocols. Emergency: nearest embassy contact, extraction plan, out-of-band communication channel. Who do you call, in what order, with what information. These answers exist before travel, not improvised during an incident.
- 07
Persons of Concern & Threat De-escalation
Behavioral threat assessment using TRAP-18 criteria: identify individuals on a pathway toward threatening behavior — disgruntled former employees, fixated individuals, escalating online threats. If a person of concern makes contact: do not engage in ways that escalate, document everything, escalate through established protocols. Early intervention, before behavior reaches the threshold that requires a physical response.
- 08
Family Protection
Family members are frequently more exposed than the principal. Children's schools visible in tagged photos. Spouse's workplace on LinkedIn. Family travel posted in real time. The adversary who cannot reach the principal may reach through the family. Family OPSEC training and digital footprint reduction for immediate family members are part of a complete program — not an optional extension.
- 09
Incident Response Protocol
If surveillance is detected: do not confront, do not change behavior obviously, activate the established protocol. If a threat is received: document it, assess credibility using structured criteria, escalate through established channels. The response protocol was built in advance — who to call, in what order, with what information. These questions are answered before the incident. Not improvised during it.
Enterprise-wide awareness — not just executives: All employees are potential targets. Phishing, pretexting, business email compromise. The most sophisticated spearphishing — now AI-generated and contextually precise — does not look like the training examples from three years ago. Employees need current threat awareness, a reporting culture where flagging something suspicious is rewarded rather than embarrassing, and OPSEC training calibrated to their actual exposure level. The executive program is the most intensive layer. It sits on top of a foundation that covers everyone.
Why continuous monitoring, not one-time assessment
A digital footprint assessment conducted today reflects exposure as of today. It says nothing about the credential dump that appeared on a dark web forum last week, the threat actor discussion thread that emerged after a controversial business decision, or the escalating social media behavior from a former employee that began three months ago. Point-in-time assessments create a false confidence: we checked, nothing was found. Continuous monitoring creates actual awareness: here is what has changed since we last looked, and here is what requires attention now.
For executives in publicly visible roles — especially those involved in contentious decisions, high-profile litigation, activist causes, or industries that generate grievance — continuous monitoring is not a premium addition to the program. It is the baseline. The threat environment against individuals in those positions changes more frequently than any periodic assessment can capture.