
PUSHING OUT THE PERIMETER: EXPANDING YOUR DIGITAL THREAT HUNTING CAPABILITIES

360 PRIVACY SPEAKS WITH FRED BURTON ABOUT THE IMPORTANCE OF IDENTIFYING AND MANAGING DIGITAL THREATS.



KEY TAKEAWAYS


Why it’s critical for protection teams to reverse engineer their approach and think in the mindset of the threat actor to find any gaps in their strategy.


How members of your principal’s ecosystem can inadvertently leak sensitive information that makes digital threat hunting easier for an adversary.


Exploring the intersection of cyber and physical protection realms, recognizing that activities in one domain directly influence the other.


Fred Burton is one of the world’s foremost authorities on protective intelligence, security and counterterrorism. He is the Executive Director of Protective Intelligence at Ontic, working closely with security leaders at major corporations to help them optimize their programs, streamline protective intelligence initiatives, and keep their people safe. Burton, former Chief Security and Compliance Officer at Stratfor, has a distinguished law enforcement and security background. He began his career in law enforcement in 1981 with the U.S. Secret Service and was a special agent with the State Department's Diplomatic Security Service (DSS), eventually becoming the deputy chief of the DSS protective intelligence & counterterrorism division.


Executive Summary


The net of publicly accessible information is growing faster than we can keep up with, and unfortunately for corporate security teams, much of it includes information on executives and the companies they represent. While some online visibility is beneficial for spotlighting company or personal accomplishments, if it’s not managed properly it can be used for malicious intent.


Adopting a threat actor mindset is crucial for identifying vulnerabilities that can be overlooked from the inside. Creatively assessing points of infiltration and testing vulnerability scenarios will certainly reveal risks that may have gone unnoticed for quite some time.


Working From The Outside


Malicious threat actors are tenacious — and persistent. They often realize that the hardest way in is through the front door, so they tenaciously look for other vulnerabilities. It’s important to ask yourself ‘Who is making your organization more vulnerable?’ Whether it be intentionally or inadvertently, the harder we look, the more digital doors we find propped open. It's critical to map out your executive or company’s entire ecosystem when evaluating your threat landscape. Just tracking a principal is not enough. Online information can be exploited for various reasons, such as harassment, reputational damage, doxing, extortion, and even physical violence.


We see risk by association with many people who operate within the inner circle of the HNW individual, including family members, close protection team members, business associates, and even routine service providers. It would be remiss to not include those individuals when conducting a thorough digital threat and vulnerability assessment.


Fred Burton, former counterterrorism agent and the Executive Director of Protective Intelligence at Ontic, advises, “It’s critical for security teams to protect the inner circle; however, the periphery cannot be neglected. Success hinges on focusing on a wide variety of risks, including those directly impacting the principal as well as those that could affect everyone in the family’s orbit.”


The scenarios described below are all too familiar to those who work in this space:


Scenario 1: An executive assistant travels with a CEO and posts pictures online of the exotic location where their annual company retreat is taking place. The picture may appear innocuous but actually includes images of the airport, the tail number of the aircraft they are using that week, and a timestamp of when they arrived. We have even seen security agents on a protective detail post social media comments such as “I can’t wait to get back home next week”.


Scenario 2: An employee of a family office continues to use their work address for personal package deliveries. This name and address data is eventually collected via data aggregators and sold to marketing groups and other online sources. Since the employee operates out of the estate of this UHNW individual, it becomes clear that he or she is affiliated with this well-known public figure, and in the mind of a threat actor may become an access point into the organization.


While these scenarios seem harmless on the surface, deeper analysis shows that each provides just enough information to crack into an executive’s network. Additionally, the data starts to act as pieces to a puzzle and help threat actors gain the momentum they need to uncover more and move closer to the target. This also reminds us that an inside-out point of view alone will not suffice when implementing a digital threat hunting or risk mitigation plan.


The Shift Toward a Hybrid Cyber/Physical Defense Strategy


While traditional security strategies included guns, gates, and guards, they now extend well beyond that, into people, processes, technology, and culture. An individual’s digital footprint can impact professional credibility, employability, financial standing, relationships, and susceptibility to cyber and physical harm, depending on how you manage it.


Oftentimes, publicly accessible online information is used to determine time and place predictability for an individual. This typically precedes any physical contact that would harm an executive or their family, so staying ahead of this is essential. Security teams can take proactive measures to reduce vulnerabilities and shape content positively to minimize risks. Regularly monitoring your principal's ecosystem and hunting for digital threats makes this a possibility.


An unfortunate example of publicly accessible online information being used for malicious intent was a 2023 murder-suicide in Redmond, Washington. A violent stalker who was fixated on a podcast host found her home address online. He broke in during the middle of the night and killed the podcast host along with her husband before killing himself. The stalker had been sending threatening messages for more than a year and was served with a no-contact order one week prior to the incident.


By recognizing the close relationship between cyber and physical security, this tragedy could have been prevented through proactive digital threat hunting measures. Implementing additional layers of security is necessary so digital vulnerabilities and paths of approach are not only detected, but shut down completely. It’s time to take a greater step back from your program, and look from the outside in, so we can stay one step ahead of the risks we can’t see.


Commentary From 360 Privacy


The most exciting part about working in the security industry is the constant evolution of challenges. Stalkers used to write letters, but now they follow their targets on social media, digesting content in real time. Residential security teams erected walls and vegetation screens for privacy, but are now forced to contend with small and relatively cheap drones that can be controlled from miles away. Executives used to pay for an unlisted phone number, but now their entire life profile lives on over 400 data broker sites available to the masses of the internet.


As professionals dedicated to protecting others, we must constantly adapt to evolving trends, tactics, and vulnerabilities. The digital space presents a new frontier of challenges for us all to tackle. From generative AI to digital extortion, our principals rely on us to stay up-to-date on new and emerging threat vectors.


Adam Jackson, Founder and CEO of 360 Privacy, notes that “I started 360 Privacy after one of my executive protection clients told me about a stalker who had taken over his digital life. After conducting an investigation, I located and interviewed the stalker. She was a teenage girl who was obsessed with country musicians. She showed me how she went online to a data broker site and found my client’s social security number, home address, phone number, and email. I knew at that moment that data brokers were going to present a significant challenge for security teams across the country.”


We understand that in a physical environment it's best to use concentric rings of security in order to maximize the safety of the protectee. The same thing works for hybrid programs which rely on both personnel and technology to keep their environment safe. The only way to do this properly is to formulate a solid plan with an outside-in point of view - and this applies to digital risk indicators as well as physical.


“I think we are starting to see a shift in the approach to ownership of security programs within large companies. For many of our enterprise customers, we work with the internal IT/cyber teams as well as the physical security and executive protection teams,” notes Max Anderson, 360 Privacy’s Chief Growth Officer. “As the physical and digital worlds become more interconnected, we should embrace a collaborative and holistic approach to security,” Anderson added.


With the increased reliance on technology, the proliferation of sensitive personal information that is discovered online and in the dark web is astounding. We need to implement additional layers of security so that we not only detect digital vulnerabilities and paths of approach, we shut them down completely. If we can close them off, at least we know they exist, which will allow us to better defend the organization.


“Just the other day, we found the email and password for the CEO of a Fortune 100 company on the dark web. Imagine the financial and business impact this could have on a company if a threat actor was able to log in and access sensitive documents. Fortunately, we were able to find this data and inform the client’s security team so they could update the password prior to the account being exploited,” said Anderson.


Modern problems require modern programs. 360 Privacy has built a technical solution backed by brilliant minds from the special operations, intelligence, and technology communities. If you would like to learn more about 360 Privacy and how we help some of the largest companies, personalities, and brands stay secure, please email us at info@360privacy.io to speak with one of our experts.



