Edition 7: Making Security Selfish: Why Executive Cyber Health Facilitates Better Enterprise Security

Getting time with senior executives outside of a crisis is one of the harder parts of the CISO job. When you do get into the room, it's usually because something has gone wrong, or it's time to sing for your supper, which means the relationship between a CISO and the C-suite is often built under the worst possible conditions. Looking at executive Cyber Health as enterprise security offers a different approach.

When you bring this conversation to senior leadership, you aren't showing up with a new doomsday report and asking for something. Instead, you're offering something of personal value. The information below affects executives personally, not just professionally, and leaders who receive it well tend to remember who brought it to them. That's where Executive Cyber Health becomes a career move for you and not just a security task.

Our OSINT reports are designed to show executives exactly what's publicly visible about them, as well as what that exposure means for the company. From there, we work with them 1:1 to improve their Cyber Health, reducing the attack surface created by their personal habits and public presence. Below are twelve of the most common ways attackers build intelligence about your executives to support their campaigns.

12 Ways Attackers Build a Profile on Your Executives

1. LinkedIn: An executive's LinkedIn profile gives attackers almost everything they need to impersonate them to someone they trust. Job history, direct reports, board affiliations, and the software the company uses are all there and all useful. With that foundation, a phishing message referencing actual colleagues, current projects, and internal tools looks like a routine internal request.

2. Data Broker Sites: Sites like Spokeo, Whitepages, and BeenVerified aggregate voter registration rolls, property records, court filings, and other public sources to publish home addresses, phone numbers, relatives' names, and previous addresses. Attackers use this to answer security questions, orchestrate SIM swapping, or apply pressure through close relationships.

3. Press Releases and Investor Announcements: Every funding round, acquisition, or leadership announcement puts an executive's name, role, and the company's financial details into a permanent public record. A CFO who just appeared in a major funding announcement becomes a high-value target for fraudulent wire transfer requests and impersonation scams in the weeks that follow, because the announcement itself provides the context needed to make those scams convincing.

4. Conference Speaker Bios and Event Agendas: When an executive speaks at an industry event, their name, title, and company are published alongside the session schedule, effectively announcing their travel plans. Attackers know they'll be away from the office, distracted, and more reliant on their team for routine operations. That's often when attackers time impersonation campaigns targeting employees.

5. Corporate Filings and Public Records: Publicly traded companies are required to disclose executive compensation, board appointments, and ownership stakes, and private companies leave their own trails in state business registrations, court records, and regulatory filings. Tools like EDGAR, OpenCorporates, and PACER make all of this searchable, meaning a motivated attacker can learn what an executive owns, what they owe, who their lawyers are, and sometimes where they live without ever speaking to another person.

6. Accidentally Indexed Documents: Attackers use advanced search techniques to find documents a company never intended to make public. Internal org charts, personnel directories, and strategy documents that were accidentally uploaded or misconfigured can be surfaced in minutes. If your team hasn't audited what's been indexed, there's a reasonable chance something sensitive is already out there.

7. Social Media: Personal accounts reveal far more than most executives realize, including family members' names, neighborhoods, travel schedules, daily routines, and hobbies. Combined, this information becomes a profile attackers use to answer security questions, time their attempts around absences, and make impersonation feel personal. Facebook friend lists and posts expose personal relationships and routines that executives rarely think of as security-relevant. Venmo's public transaction feed (which is on by default) can reveal who they spend time with outside of work. Even a company's official social accounts can contribute, particularly when they tag personal handles or post photos that inadvertently reveal who an executive was with and where.

8. Nonprofit and Board Affiliations: Executives who sit on nonprofit boards or advisory councils are often listed publicly on those organizations' websites, sometimes with bios and event appearances. These affiliations also reveal values, priorities, and personal relationships that attackers use to craft more convincing pretexts, since a request that appears to come from a cause the executive cares about is harder to dismiss than a cold email.

9. Family Members with Poor Privacy Hygiene: An executive's own security posture doesn't matter much if a family member maintains a public social media presence that tags them in photos, mentions their address, or shares travel plans. Attackers routinely pivot through family members to build profiles on targets who have otherwise locked down their own accounts. This is one of the harder exposure points to address because it requires conversations with people outside the company, but it's also one of the most commonly exploited.

10. Leaked Passwords from Old Breaches: Billions of usernames and passwords from past breaches are available for purchase online. Many executives created accounts on consumer platforms years ago using personal email addresses, and many of those platforms were later compromised. If any of those old passwords were reused on a current work account or personal login, attackers can try them automatically across hundreds of platforms at virtually no cost.

11. Domain and Technical Infrastructure: Even with privacy protections in place, technical records associated with a company's web domains can reveal email server configurations, third-party vendors, and, in some cases, the personal contact information of IT staff. Historical records may contain details that were public before protections were added. Attackers use this to find weak points in email infrastructure, craft more convincing impersonation attempts, and identify employees most likely to have access to sensitive systems.

12. Employees: The requests that yield the most useful intelligence rarely look like attacks: a LinkedIn message to a junior employee, a question in a public Slack channel, a vendor-style email to a general inbox. Employees are trained to be helpful, and most aren't expecting that helpfulness to be exploited, so without clear internal policies about verifying who is asking for what, teams will give out information that becomes the foundation for far more sophisticated attacks.

Why Making Security Selfish Produces Better Outcomes for CISOs

Approaching this issue as Executive Cyber Health, instead of strictly enterprise security, changes the quality of every security conversation that follows. When executives go through the process of improving their own Cyber Health (e.g. better password management, MFA on personal accounts, privacy controls on their data broker presence, awareness of what's indexed publicly), they come to your enterprise security briefings differently. They're not checking their phones or waiting to be told for the umpteenth time why they should invest in security. They understand, from firsthand experience, why the practices your team recommends actually matter.

That's not a small thing. Security teams spend enormous energy trying to translate technical risk into terms that business leaders can act on. Executive Cyber Health does some of that translation work upstream, before the briefing even starts. A leadership team that has been through this process is collectively leveled up (not just more aware) and more capable of asking the right questions and making better-informed decisions about security for the organization.

The CISO who adopts this approach with their executives demonstrates what good security leadership looks like: proactive, practical, and genuinely invested in the people at the table. That's the kind of credibility that outlasts any single briefing cycle.

How to Have This Conversation

The instinct for most security leaders is to frame this as a risk conversation, and technically, it is. But executives sit through risk conversations all the time, and those that don't connect with something personal are easy to forget.

The more effective entry point is to lead with what this means for the executive as an individual. Their home address is searchable. Data brokers are aggregating their family members' names. Their old passwords from a forgotten travel booking account may still work on systems they use today. That's a different kind of conversation, and it tends to land differently.

Remember that what you're offering isn't a compliance checklist, but a set of concrete, low-effort steps that protect them personally while also reducing exposure for the company. Auditing public data, removing information from broker sites, locking down carrier accounts, requiring hardware security keys, and establishing verification norms across their teams are all things that improve an executive's Cyber Health. The fact that those same steps reduce enterprise risk is almost a side effect from their perspective, and that's exactly the right way to position it.

It's also worth recognizing that this kind of conversation is a chance to build a relationship. CISOs get very few opportunities to engage with senior leaders outside of high-stakes situations. This is one of them. Don't waste it.

The Cyber Health Company helps organizations build executive security programs that reduce enterprise risk. Contact us to learn how we can protect your executive team.
