The OPSEC Podcast

Throughout the latest episode, we have discussed operational security in professional settings. Today, we are bringing Gabriel Fanelli, director of training at Grey Dynamics and a former United States SIGINT operator with a Bronze Star commendation, to talk about something more than hardening your devices and obfuscating your networks: Family SecurityFirst of all, you are not your kids' best friends; you are their protector and last line of defence against all the threat actors lurking in the dark corners of the Internet. Having said that, here is what you will learn in the episode.The Types of Threats Present in Video Games and Online ForumsHow To Explain Family Security Procedures to Your SpouseHow to Talk To Your Kids About Grooming and ExtortionSocial Media Rules to Have Around the HouseMaintaining Your Kid's Security While He Plays Online GamesFollowers Vetting Processes and Second Device Auditing Your children and your family's security and privacy are your responsibility. They don't have the ability or capability to do it themselves, and you already know what's out there. Harden Up. #Opsec #Security #Family #Home #Veteran Hosted on Acast. See acast.com/privacy for more information.

Audit your social-media exposure, review all your public or private social-media accounts and online profiles; check what personal information (photos, posts, bio data, connections) is visible; then remove, reduce, or restrict exposure of anything risky or unnecessary.Steps to audit your social media exposure:1. Make a full list of every social-media profile or public/social online account you’ve ever created (active or dormant). Include mainstream platforms and smaller/less-used ones.2. Visit each account and carefully examine what can be seen publicly: profile pictures, bio information (name, location, birthdate, contact info), past posts, comments, photos, tags, friend lists.3. Adjust privacy and visibility settings on each account so that only trusted contacts (friends/followers) can see sensitive content. Delete, lock down or hide: personal details, contact info, location data, old posts.4. Remove or deactivate any accounts you no longer use, or that you don’t want publicly visible. Dormant accounts may still leak personal data.5. Scan for “people-search” or public-record sites listing you (or old usernames/email) check what information about you is exposed outside social media.6. Periodically repeat the audit (every 3–6 months) privacy settings and platform defaults can change; content from connections (tags, shares) or old posts may re-expose you. Hosted on Acast. See acast.com/privacy for more information.

Strengthen the security and privacy of your digital communications (messaging, email, cloud data) so that only intended recipients can access them and so that third parties cannot intercept or read your messages or files (including service providers, attackers, and passive observers). This means switching to encrypted channels, reducing unwanted exposure, tightening service settings, and avoiding insecure or legacy protocols. End-to-end encryption ensures message content stays private from the sender to the recipient, and platform hardening reduces the overall attack surface by disabling unnecessary or insecure features.Steps to Harden Your Communications and Services:Switch to encrypted messaging platforms: Replace default SMS/text or unencrypted chat apps with services that provide end-to-end encryption (E2EE) so that only you and the recipient can read your messages.Use secure email services: Choose email providers with strong encryption by default (like Proton Mail or Tuta), and enable encryption features (PGP/automated E2EE) where possible to protect email contents in transit and at rest.Encrypt files before cloud storage: Use cloud services or tools that perform client-side encryption (zero-knowledge encryption) so data is encrypted before it leaves your device, and the provider can’t read it.Recommended Tools:Encrypted Messengers: apps like Signal, Wire, or Threema that use end-to-end encryption to protect messaging and calls from third-party access.Encrypted Email: providers like Proton Mail, Tuta, or Hushmail that support encryption of email content and attachments.Encrypted Cloud Storage: services that offer client-side encryption (e.g., Proton Drive, Sync.com, or tools that integrate local encryption before upload) to ensure your stored data remains private even from the cloud provider. Hosted on Acast. See acast.com/privacy for more information.

Implement multi-factor authentication (MFA) on every account, using the strongest method available with a graduated approach:1. Audit all important accounts (email, banking, cloud storage, social media, password manager) to check whether MFA is supported.2. For each account, go to the security or login settings and enable MFA. Choose the strongest method the service supports.3. If using an authenticator app or hardware key, save backup/recovery codes securely (in case you lose your phone or key).4. For accounts using SMS/email 2FA consider upgrading to a stronger method when available, especially for sensitive accounts.5. Test the MFA setup by logging out and logging back in to confirm that the second factor works as expected.Recommended ToolsAuthy: a widely used authenticator app that generates time-based codes for TOTP-based MFA.Proton Authenticator: privacy-focused app for generating MFA codes offline.YubiKey: a hardware security key providing FIDO2/WebAuthn authentication for the strongest protection.More At: https://opsecpodcast.com/ Hosted on Acast. See acast.com/privacy for more information.

Practical steps for tightening financial security are discussed, including auditing all bank, credit, and investment accounts. Recommendations include eliminating debit card exposure and using masked or virtual cards for online payments. Advice covers removing banking apps from phones, enabling transaction alerts, avoiding public networks for financial access, and monitoring accounts continuously.

Allen Pace presents the Covert Protocol, a structured methodology that will combine through different episodes the OPSEC Podcast principles with the CIA Triad practices. By using these two frameworks in tandem, this process aims to equip everyday users (like you) with both the strategic mindset and the practical tools needed to increase security, reduce vulnerabilities, and enhance personal privacy in both the digital and physical realms.Action 1#: Implement a Password ManagerRecommended tools:1. Bitwarden: a popular, open-source password manager that supports syncing, autofill, passkeys, andcross-device use.2. Proton Pass: a privacy-focused password manager with encryption and strong privacy posture.3. KeePassXC: an offline/local password manager that stores the vault on your device for maximumcontrol and minimal external dependencies.Steps to implement:1. Pick a password manager tool (see Recommended tools below) and install it on your primarydevices (computer, phone, tablet). Make sure it supports MFA for the vault itself for futurehardening.2. Create a strong master password/passphrase - this should be long, complex, and unique(don’t reuse it anywhere).3. Begin adding your online account credentials to the vault. For each new account: generate a longrandom password via the manager, then save it in the vault. For existing accounts: replace weak orreused passwords with new vault-generated ones.4. If using a cloud-based manager: set up syncing across devices so you have access on laptop, phone,etc. If using an offline/local manager: make regular encrypted backups of the vault (e.g. to anexternal drive or secure location).5. From now on, use the vault’s auto-fill or copy/paste feature when logging in, rather thanmemorizing or reusing passwords elsewhere.#OPESCPodcast #CovertProtocol #CyberSec #Intelligence Hosted on Acast. See acast.com/privacy for more information.

Ahmed Hassan, a security practitioner from Great Dynamics, dives into the underappreciated world of corporate surveillance. He reveals how retailers track your every movement and emotion using advanced camera networks and phone sensors. The conversation exposes the alarming truth about dating apps targeting loneliness via motion analytics. Ahmed also discusses the misuse of burner phones and offers insights into bespoke OPSEC services for travelers. Listeners are urged to prioritize their privacy in a world where data is the new currency.

For more than a decade, intelligence agencies, data brokers, and criminal syndicates have quietly relied on the same vulnerability: your wireless signals. Your phone, your credit cards, your passport, your key fobs — they all broadcast data constantly, whether you realise it or not. And every signal can be intercepted, cloned, profiled, or used against you.In this episode of The OPSEC Podcast, we break down a hard truth: modern tracking doesn’t require hacking — just proximity. Bluetooth skimmers, RFID harvesters, rogue NFC readers, silent ping collectors… they’re everywhere, especially during the holiday travel boom.You’ll learn how Faraday sleeves, RFID-blocking wallets, and shielded travel kits shut down these attacks by cutting off the signals entirely. Not with software. Not with “anti-tracking apps.” But with the same electromagnetic isolation techniques used in classified facilities and intelligence operations since the 1940s.In this episode, you’ll discover:How Bluetooth hijacking and RFID skimming actually work (and why tourists are the easiest targets)Why your phone still broadcasts identifiers even when it’s “off”The difference between consumer-grade Faraday products vs. intelligence-grade shieldingWhy doubling-layer protection (sleeve + wallet, sleeve + bag) mirrors professional tradecraftThe silent rise of contactless credit card theft in crowded holiday shopping zonesWhy a $10 RFID sleeve can stop a $500 attack before it beginsThe truth about Faraday backpacks, travel organisers, and which brands actually hold upHow to integrate Faraday protection into daily OPSEC without looking like a tactical wannabeIf intelligence agencies rely on signal isolation to protect classified hardware, identities, and operational assets, why shouldn’t you use the same principles to protect your phone, passport, and money?Your devices broadcast more about you than you think.Your security is your responsibility. Hosted on Acast. See acast.com/privacy for more information.

Explore the world of masked payment cards and their vital role in safeguarding your financial footprint during online shopping. Learn how merchant-locked and single-use tokens bolster security, while alias IDs help maintain your privacy. Discover the risks of traditional bank cards and why it's crucial to manage card lifecycles carefully. From regional alternatives like Revolut to essential procedures for account linking, gain actionable insights to enhance your operational security and reduce fraud risks this holiday season.

For 50 years, 130 governments trusted Crypto AG to protect their most secret communications. Every single message was being read by the CIA and German intelligence. Operation Rubicon was the longest-running espionage operation in history. The CIA secretly bought a Swiss encryption company in 1970, installed backdoors in every device, and sold “secure” communications to governments worldwide. Nobody suspected a thing – until 2020.Now it’s happening again. But this time, they’re buying your VPN companies. Kape Technologies – an Israeli company founded by former adware criminals with ties to Unit 8200 (Israel’s NSA) – quietly bought ExpressVPN in 2021. They also own CyberGhost, PIA, and Zenmate. Plus all the VPN “review” sites that conveniently rank their products at the top.In this episode of The OPSEC Podcast, you’ll discover:Why Chinese VPNs like Turbo VPN are 51% owned by the Communist Party (and why they target American teenagers on TikTok)How Russian VPNs like Kaspersky are legally required to give the FSB access to all your trafficWhy “free VPNs” turn your computer into a botnet zombie (the Hola VPN scandal)What VPNs actually do vs. the anonymity BS they claim in their marketingThe only 3 VPN companies that pass the trust sniff test: ProtonVPN, Mullvad, and NordVPNA VPN does not equal automatic privacy. It’s outsourcing trust from one party to another. If you take trust from your ISP and give it to a malicious actor, you’re worse off than having no VPN at all.Free VPNs make YOU the product. Israeli companies inject adware. Chinese companies feed data to the CCP. Russian companies hand everything to the FSB.Check who owns the VPN – not just where the servers are located. Because if the CIA launched a VPN service promising “guaranteed privacy,” they’d sell exactly zero subscriptions. So why trust companies with the same intelligence agency connections?Your privacy is your responsibility. Do your due diligence or accept the consequences.  Hosted on Acast. See acast.com/privacy for more information.