OSINT In Modern Cybersecurity - Interview With Ricardo Silva

The role of OSINT in Modern Cybersecurity – Interview with Ricardo Silva

A man with light brown hair and a beard stands with arms crossed, wearing a white t-shirt, a smartwatch, and a confident expression—ready to tackle your next WordPress project against a plain white background.

By Maciej Nowak

Welcome to another episode of “Osom to Know,” where Maciej Nowak delves into the intricate world of cybersecurity with his guest, Ricardo Silva.

Ricardo is a security consultant from Portugal with over 11 years of experience in both the military and law enforcement sectors. His current focus is on assessing and testing organizational security efforts from an offensive perspective, replicating the tactics, techniques, and procedures utilized by real-world threats. He specializes in physical security and Open Source Intelligence (OSINT) investigations, helping organizations identify and mitigate potential vulnerabilities before they can be exploited.

The most dangerous breaches today don’t rely on zero-day exploits – they start with publicly available data hiding in plain sight.

That’s the core message Ricardo Silva delivers in this wide-ranging interview about the growing role of Open-Source Intelligence (OSINT) in modern security strategy. Public information isn’t just a research asset — it’s a weapon. In the wrong hands, a developer’s LinkedIn profile, a marketing site’s WordPress version, or even a staff photo can become the entry point to a major security incident. This article synthesizes the most actionable insights from the conversation — tailored for CTOs, security professionals, and digital decision-makers who want to better understand how OSINT is transforming their risk profiles.

OSINT in Cybersecurity: The Attacker’s First and Favorite Tool

Ricardo Silva begins with a warning: everything you publish online can be used against you.

OSINT involves gathering publicly available data — think leaked credentials, exposed GitHub repos, email dumps, social profiles, and metadata — and assembling it into attack-ready intelligence. According to Silva, this reconnaissance phase is now the most critical step in any offensive campaign.

OSINT operations rely heavily on publicly available data, and Silva points out that in many cases attackers can build complete threat scenarios just from what is visible online. This stage of reconnaissance is often enough to reveal critical weaknesses long before any active attack occurs.

What makes OSINT so effective is its stealth. Targets rarely know they’ve been scoped — until it’s too late.

 

Key Business Takeaway:

Audit your digital footprint as aggressively as an attacker would. Regular OSINT self-assessments can expose overlooked vulnerabilities and prevent weaponized information leaks.

 

WordPress Security and OSINT Risks

As a frequent speaker at WordCamps, Silva has a clear message for the WordPress community: you’re on the front lines of OSINT exploitation. Outdated plugins, visible version tags, and insecure APIs are among the most common issues he finds during reconnaissance. And because WordPress powers over 40% of the internet, it’s a prime target.

“Developers don’t realize how much you can learn just by looking at a login page or a plugin list.”

Many developers unintentionally leave breadcrumbs attackers use to map vulnerabilities before ever touching a keyboard.

 

Key Business Takeaway:

Harden your CMS like it’s part of your infrastructure. Remove version info, enforce least-privilege access, and run plugin vulnerability scans regularly.

 

Physical Security Testing and the Role of OSINT

OSINT isn’t just a cyber threat — it’s the first step in many physical breaches.

From Google Street View photos of security cameras to employee badge photos on Instagram, Silva’s team uses public intel to simulate real-world intrusions. Even building layouts can be reconstructed from facility management PDFs or fire drill plans posted online.

“One of the things we do during physical penetration testing is to try to access restricted areas by pretending to be someone else”

Silva adds that these simulations are not about trickery for its own sake but about revealing how easily trust and routine can be exploited. Each successful test provides valuable insight into training gaps, badge verification, and access control protocols that can be strengthened before a real threat actor tries the same tactics.

 

Key Business Takeaway:

Train security staff to treat OSINT as a real-world risk vector. Your physical perimeter is only as strong as the public data that describes it.

 

OSINT in Incident Response and Threat Detection

Once OSINT-fueled attacks begin, Silva emphasizes the importance of preparation. Effective incident response requires knowing what was exposed before the breach.

He outlines a strong IR plan as including log reviews, staff interviews, and forensic reviews of physical and digital entry points — all of which can be derailed if too much public intel was accessible to the attacker in the first place.

“In every investigation, we see the same thing — companies finding out during an incident what information about them was already out there for anyone to see.”

This recurring pattern underlines how critical it is to track your organization’s exposure proactively, not reactively, ensuring that intelligence gathering happens before adversaries exploit the same data.

 

Key Business Takeaway:

Incorporate OSINT monitoring into your IR playbook. Knowing what attackers saw gives you a head start on mitigation.

 

Building Security Resilience Through Continuous OSINT Awareness

Ricardo’s final advice is simple but powerful: make OSINT part of your day-to-day mindset. He encourages organizations to treat open-source intelligence as an ongoing discipline, integrating its principles into training, policy, and everyday decision-making.

“Security isn’t just IT’s job. It’s everyone’s job, because everyone leaves digital traces.”

He’s not just referring to red teams or security consultants. Everyone in an organization — from HR to marketing — plays a role in managing what’s publicly visible. And in an age of hyper-connected tools, even a casual Slack message or tweet can reveal too much.

 

Key Business Takeaway:

Create a culture where employees understand their digital exhaust. Awareness beats firewalls when it comes to OSINT-based threats.

 

Final Thought: OSINT Isn’t Optional — It’s Operational

The interview with Ricardo Silva underscores a hard truth: what you think is invisible is often highly visible to attackers.

At Osom Studio, we’ve worked with clients who were unaware their contact forms, dev environments, or even outdated team bios were giving away more than they realized. Silva’s approach is a wake-up call — not to fear OSINT, but to master it.

Whether you run a WordPress site or a global enterprise, one thing is clear: your public footprint is part of your security posture. Treat it that way.

 

Cybersecurity FAQ

 

How Important is Reconnaissance in Cybersecurity?

Reconnaissance, or information gathering, is a critical first step in cybersecurity, military operations, law enforcement, and pen testing. Security expert Ricardo Silva emphasizes that recognizing suspicious activities, such as unusual web activity or someone gathering intel, can help identify potential threats early. Businesses must be prepared to respond to these threats effectively.

 

What is Open-Source Intelligence (OSINT) and Why Is It Crucial?

Open-Source Intelligence (OSINT) involves gathering publicly available information to gain insights without relying on assumptions. Silva underscores its importance, stating that detailed information about targets, such as website version disclosures or leaked personal data from breaches, can be exploited by attackers. Hence, OSINT is a fundamental component in planning and executing cyber attacks.

 

How Does Physical Penetration Testing Work?

Physical penetration testing assesses the security of physical locations by attempting to access sensitive areas or data. Ricardo Silva discusses common tactics such as tailgating, using disguises, and bypassing security guards. For instance, penetration testers may manipulate RFID access cards to clone and replay credentials, highlighting vulnerabilities in physical security measures.

 

What Should Incident Response Include?

An effective incident response plan includes log reviews, forensic work, staff interviews, and CCTV reviews. Silva notes that creating multiple incidents can overwhelm a company by occupying staff with log reviews, thus slowing down their response. Having a well-coordinated incident response plan ensures quick and effective handling of security incidents.

 

How Can Drones Be Used in Penetration Testing?

Drones are increasingly being used in penetration testing to create rogue access points remotely and gather intelligence about network access points. Silva points out a security gap whereby security guards often overlook drone sightings, treating them as non-threatening. This highlights the need for better awareness and training among security personnel to recognize and report such activities.

 

Why is Security Awareness Essential?

Continuous education and awareness are crucial for both technical and physical security teams to address emerging threats effectively. Silva stresses that understanding attacker motives, recognizing suspicious behavior, and knowing how to report incidents accurately are vital components of a comprehensive security strategy.

 

How Can Strong Password Policies Impact User Behavior?

Balancing strong security policies with user convenience is challenging. Silva gives an example where users often bypass strict password policies by using simple or predictable passwords, such as leaving reminders like post-its with passwords. This compromise can weaken overall security despite strong advisories in place.

 

What to Do if There’s a Data Leak?

Once data is lost or attacked, the best response is to recognize and prepare for potential attacks. We discussed the impact of a Portuguese city council attack, emphasizing the need for robust data protection policies and legal awareness. Affected individuals and organizations should take immediate protective measures to secure remaining data and prevent further incidents.

 

What Are the Legal and Financial Implications of Data Breaches?

Data breaches can lead to serious legal and financial repercussions. Silva mentions cases like British Airways facing fines for GDPR violations following a data breach. These incidents affect both the finances and reputation of the organizations involved, underscoring the importance of robust cybersecurity measures and compliance with data protection laws.

 

How Can Individuals Protect Their Personal Data?

Individuals should use strong password policies, be cautious with personal data, and avoid clicking suspicious links. Silva recommends using services like ProtonMail that offer features to generate multiple email addresses for better protection against cyber threats. Additionally, regular review of past digital information can help identify and mitigate security risks.

Two men stand before a backdrop adorned with abstract shapes in red, blue, and white. The bold words "Osom to Know" hover above them. One man sports a beard and wears a checkered shirt; the other has medium-length hair in a light shirt, effortlessly embodying accessibility akin to WCAG standards.

Full conversation with Ricardo Silva

Want to hear the full conversation with Ricardo Silva? Check out the latest 🎙️ Osom to Know podcast.

You can also watch us on our YouTube – don’t forget to hit subscribe! 📩

Looking for more expert insights on digital security, resilience, and WordPress strategy? Reach out.

Next article

wordpress security

13 Easy Steps to Improve WordPress Security and Keep Your Site Safe

By Bartosz Nowak

9 min read