Critical Actor Mapping · Target Analysis · OSINT

Which employee is unknowingly a target?

CI-IT identifies which key personnel are of interest to external actors due to their role, visibility, or access — and what public information could be exploited for influence, intimidation, or social engineering.

Schedule an intake → View the service

100%

Public sources

GDPR

Compliant & confidential

1-to-1

Per role profile

Red = directly usable for targeting

The challenge

Your people are more visible online than you think

Job titles, presentations, interviews, social media, and data breaches together form a detailed profile. For a malicious actor, that profile is a roadmap: it shows who to approach, with what, and via which route.

Most organizations protect systems and buildings, but underestimate people as an entry point. Targeted approaches often begin with information that is entirely public — starting with executives, spokespersons, and administrators with broad access.

What an actor can find online

Full name, role, and area of responsibility
Managers, colleagues, and professional contacts
Locations, routines, and event attendance
Business and personal contact details
Starting points for social engineering
Other vulnerabilities

What we do

From public information to targeted resilience

We look through the eyes of an attacker, so you can act as a defender.

1 · Map it

Using open source intelligence (OSINT), we collect all publicly available information on selected key personnel — structured and traceable.

2 · Assess risks

Per profile, we determine what risks arise from the information found and how it could be used for influence, intimidation, or social engineering.

3 · Strengthen resilience

You receive prioritized recommendations to take targeted measures that demonstrably improve the safety of your employees, team, and organization.

Read the full methodology →

Risk profiles

Who is at greatest risk?

Not everyone is equally interesting to an external actor. These roles stand out by their visibility, responsibility, or access.

High risk

Executives & leadership

Decision-makers with authority and visibility. Primary targets for CEO fraud, blackmail, and targeted influence on decision-making.

High risk

Spokespersons & public figures

Maximum online visibility. Vulnerable to intimidation, threats, and reputation attacks that affect the organization as well.

Elevated risk

HR & finance roles

Access to people and financial flows. Prime targets for invoice fraud and social engineering aimed at employees.

Elevated risk

IT & system administrators

Broad technical access makes them a key to the entire infrastructure — and therefore a primary target for targeted approaches.

Context-dependent

Sensitive portfolios

Employees in legal, procurement, or licensing roles whose work affects parties with a motive to interfere.

Context-dependent

Key employees

Individuals with unique knowledge or access whose absence or compromise would directly impact continuity.

The process

Clear, confidential, and in four steps

From scope to report, you work with a single point of contact. You stay in control; we deliver the insight.

View the service in detail →

Scope & selection

Together we determine which roles and individuals are investigated and what the research question is.

Open source research

We systematically map what information about these individuals is publicly available.

Risk analysis

We assess the risks and potential exploitation scenarios per profile.

Report & recommendations

You receive a confidential report with concrete, prioritized measures.

Frequently asked questions

Good to know

What is employee target analysis?

Target analysis identifies which employees — by role, responsibilities, visibility, or access — present an attractive target for external actors. CI-IT uses open source research to map what information about these individuals is publicly available and what risks arise from it.

What is OSINT (open source intelligence)?

OSINT stands for Open Source Intelligence: collecting and analyzing information from publicly accessible sources such as social media, public registers, news articles, and company websites. Only legally and publicly available data is used.

Is this research legal and GDPR-compliant?

Yes. CI-IT works exclusively with publicly available information and operates within the applicable legal framework, including GDPR. Results are treated confidentially and shared exclusively with the client.

Which employees are at elevated risk?

Primarily executives and board members, spokespersons and public figures, HR and financial decision-makers, IT administrators with broad access, and employees in sensitive or decision-making roles. Their visibility, responsibilities, or access make them interesting for influence, intimidation, or social engineering.

What does a CI-IT investigation deliver?

You receive a confidential report with an overview of publicly available information per investigated role, a risk assessment, and concrete, prioritized recommendations to strengthen the resilience of your employees and organization.

Know what an outsider can find about your people

Schedule a no-obligation consultation. Together we define the scope and research question.

Schedule intake →