Your Questions, Answered
-
CDEC identifies and mitigates real-world security risks before they are exploited. We combine open-source intelligence (OSINT), physical security (Red teaming) testing, digital forensics, and surveillance detection to uncover vulnerabilities across people, systems, and environments.
-
Most cybersecurity firms focus only on digital threats.
CDEC operates across digital, physical, and human vulnerabilities, identifying how online exposure can lead to real-world risk.We don’t just report problems - we show how they can be exploited and how to fix them.
-
We work with:
Corporate executives and boards
Law firms and insurers
Government and law enforcement
Media organisations and journalists
Companies operating in high-risk environments
Maritime, aviation and secure transport industry
High-net-worth individuals (HNWIs)
-
An OSINT (Open-Source Intelligence) investigation uses publicly available data to uncover information about individuals, companies, or assets.
This includes:
Personal data exposure
Online activity and footprint
Business connections
Location intelligence
Data breaches and leaked credentials
-
Adversaries can use publicly available information to:
Track your location
Identify family members
Impersonate you
Gain access to accounts
Plan physical targeting
CDEC identifies this exposure before it becomes actionable.
-
We can:
Identify where your data exists
Prioritise high-risk exposure
Guide and execute removal strategies where possible
Some data cannot be fully removed, but risk can always be reduced.
-
A Digital Exposure Report is a structured analysis of what information exists about you online and how it could be used against you.
It includes:
Exposure mapping
Risk scoring
Real-world impact assessment
Clear mitigation steps
-
A bug sweep (Technical Surveillance Counter-Measures) is the process of detecting hidden surveillance devices such as:
Listening devices
Hidden cameras
Tracking devices
Covert wireless transmitters
-
You may need a sweep if:
You are a high-value individual
Sensitive conversations take place in your environment
You suspect surveillance or insider threats
You operate in high-risk industries or regions
-
Yes - when conducted properly.
CDEC focuses on:
Environmental understanding (not just tools)
RF, thermal, and physical detection
Behavioural and anomaly analysis
Most missed threats are due to poor methodology, not lack of equipment.
-
Online data can be used to:
Identify your home or routine
Track travel plans
Locate assets such as vehicles
Build a targeting profile
CDEC specialises in linking digital exposure to physical risk.
-
Yes. Public data such as social media posts, images, and open records can be used to identify your home location.
In real-world investigations, small details such as backgrounds in photos, repeated locations, and metadata are combined to narrow down exact addresses. This is one of the most common risks we identify in exposure assessments.
-
Digital forensics is the recovery and analysis of data from devices such as phones and computers.
It is used to investigate incidents, recover evidence, and understand what has happened on a device.
-
Digital forensics is typically used in:
Legal cases
Fraud investigations
Data breaches
Insider threats
Device compromise
-
Red teaming simulates real-world attacks to test how an organisation would actually be compromised.
This can include:
Physical entry
Social engineering
OSINT-led targeting
Security process failures
-
Yes - with permission.
We replicate real-world adversary behaviour to show how a breach would happen, not just where vulnerabilities exist.
-
We provide:
Pre-travel risk assessments
Digital exposure checks
Communication and tracking strategies
Emergency planning
-
Yes.
CDEC offers ongoing monitoring services that track:
New data exposure
Emerging threats
Changes in risk profile
-
Yes.
AI tools aggregate publicly available data and can surface sensitive information quickly.
-
We:
Identify what AI systems can see about you
Reduce exposed data
Monitor ongoing visibility
Help you control your digital footprint
-
Pricing depends on scope and risk level.
Typical engagements include:
One-off investigations
Full exposure reports
Ongoing monitoring services
We provide clear pricing after an initial discussion.
-
We can typically begin within days depending on urgency.
-
Yes.
All engagements are handled with strict confidentiality and discretion.
-
Most people have far more information online than they realise.
This can include email addresses, phone numbers, home locations, family connections, employment history, and behavioural patterns. We map this in structured exposure reports to show what an adversary could realistically see.
-
Attackers use open-source intelligence (OSINT) to identify and build profiles on individuals.
This involves collecting small pieces of public data and combining them into a usable intelligence picture. In controlled red team scenarios, this process is often enough to enable physical targeting or social engineering attacks.
-
Yes, in certain conditions.
Tracking can occur through apps, compromised accounts, Bluetooth signals, or network-based techniques. While not always sophisticated, many methods rely on poor awareness rather than advanced hacking.
-
Reducing your digital footprint involves identifying where your data exists and removing or limiting exposure.
This includes reviewing social media, removing data broker listings, securing accounts, and changing behaviours that unintentionally expose information. We prioritise actions based on real-world risk, not just visibility.
-
Yes. OSINT uses publicly available information and is legal when conducted correctly.
The risk comes from how that information is used by adversaries, not from its availability. Our work focuses on identifying and mitigating that risk.
-
A Digital Exposure Report is a structured breakdown of what information exists about you online and how it could be exploited.
It includes:
Exposure mapping
Risk scoring
Real-world impact
Clear mitigation steps
-
Yes, where there is a legitimate and lawful reason.
We support investigations for legal cases, corporate risk, fraud concerns, and personal safety. All work is conducted within legal and ethical frameworks.
-
When done properly, OSINT can be highly accurate.
The key is validation and correlation. We cross-reference multiple sources to ensure findings are reliable and relevant to the correct individual.
-
You may need a sweep if:
You handle sensitive information
You are a high-profile individual
You suspect surveillance or insider threats
You operate in high-risk environments
-
Yes, and they are becoming more accessible.
In real-world environments, threats are often simple rather than highly advanced. The risk is not always sophisticated equipment, but placement and opportunity.
-
Yes.
We regularly identify tracking devices placed on vehicles using RF detection, physical inspection, and behavioural indicators.
-
Online exposure can reveal:
Home locations
Travel patterns
Daily routines
Family members
This allows adversaries to move from digital reconnaissance to physical targeting.
-
Yes.
Social media provides insight into behaviour, location, and lifestyle. In controlled red team exercises, this information is often enough to plan access or approach strategies.
-
Real-world risk is the point where digital exposure leads to physical consequences.
This includes theft, targeting, impersonation, or surveillance. CDEC focuses specifically on this crossover point.
-
In many cases, yes.
The success depends on the device, storage type, and time since deletion. We assess feasibility before proceeding.
-
Yes, with full permission.
We replicate adversary behaviour to identify real weaknesses, not theoretical ones.
-
Protection involves:
Reducing digital exposure
Securing communication
Understanding physical risk
Ongoing monitoring
We provide structured assessments and continuous monitoring for this.