The Ethical Dilemma of Sharing OSINT Case Reports in Professional Settings

Introduction:

“We would love to see your work, do you have a copy of any of your investigations in your portfolio?” It is a common question asked in interviews surrounding OSINT positions, but also a common request to see in job listings themselves on LinkedIn and Indeed. So, what is the problem with this request? While demonstrating investigative capabilities, there is an ethical tightrope to have to tread carefully; especially where OSINT is concerned.

The Industry Expectation: Proving Your OSINT Skills

Companies and clients both ask for real-world examples of your skills and abilities to make sure the investigator they’re looking to hire has the skills needed to gather the necessary information. Up front, this seems innocuous — programmers show projects they’ve worked on, bug bounty hunters show what bugs they’ve caught and how, police can point to their arrest metrics and closed cases, and lawyers can show data on how many clients they’ve helped. Why would it be different when it comes to open-source intelligence, and sifting through publicly available data?

The biggest difference with open-source investigation information from these other cases is that the work product generated on our end directly touches personally identifiable information (PII). While it can be tempting to want to stand out from the rest of the investigators out there, there is an ethical…