Skip to content

OSINT & Social Engineering Study Plan

This page is updated based on jassics/security-study-plan/osint-social-engineering-study-plan. It benefits red team, blue team, GRC, and security-awareness roles alike, and focuses on ethical OSINT and social engineering fundamentals.

Also, I assume you have already checked and are comfortable with the Common Security Skills study plan.

How this connects: OSINT and social engineering skills complement Web Security Testing and red teaming, help GRC and Blue Team, Detection & Response understand human-focused risks, and enrich Threat Modeling by adding people and process attack vectors.

In Short

  1. OSINT is about collecting and correlating public information from many sources.
  2. Social engineering is about manipulating human behavior - use it ethically and within rules of engagement.
  3. Both attackers and defenders use OSINT and SE (offense and awareness/training).
  4. Legal and ethical boundaries are critical.

ToC

  1. OSINT Fundamentals - 2 weeks
  2. People & Infrastructure OSINT - 3-4 weeks
  3. Social Engineering Fundamentals - 2-3 weeks
  4. Offensive Use Cases (Ethical) - 2-3 weeks
  5. Defensive Use Cases & Awareness - 2-3 weeks
  6. Books, Videos, Courses
  7. Interview Questions

OSINT Fundamentals

Duration: 2 weeks

Goal: understand what OSINT is and is not.

Week 1-2: Core Concepts

  1. Definition & Scope - open sources, legality, ethics
  2. Data Types - people, organizations, infrastructure, financial, technical
  3. OSINT Process - define objective → collect → analyze → report

People & Infrastructure OSINT

Duration: 3-4 weeks

Goal: learn practical OSINT collection for people and infrastructure.

Week 3-6: Practical OSINT

  1. People OSINT - profiles, resumes, public posts, breached data (viewing only where legally allowed)
  2. Company OSINT - org charts, technologies used, job postings, press releases
  3. Infrastructure OSINT (high level) - public DNS records, certificate transparency logs, basic passive fingerprinting

Social Engineering Fundamentals

Duration: 2-3 weeks

Goal: understand social engineering tactics and psychology.

Week 7-9: SE Basics

  1. Psychological Principles - authority, scarcity, reciprocity, social proof, etc.
  2. Common Vectors - phishing, vishing, pretexting, physical SE
  3. Real-World Examples - review case studies (within legal/ethical material)

Offensive Use Cases (Ethical)

Duration: 2-3 weeks

Goal: understand how OSINT and SE are used in engagements with proper authorization.

Week 10-12: Red Team View

  1. Pre-Engagement - scoping, rules of engagement, legal sign-offs
  2. Reconnaissance - using OSINT to identify targets, email formats, tech stack (high level)
  3. Campaign Design (conceptual) - planning ethical phishing simulations and pretexts

Defensive Use Cases & Awareness

Duration: 2-3 weeks

Goal: use OSINT and SE knowledge to improve defenses.

Week 13-15: Blue & GRC View

  1. Exposure Reduction - minimizing unnecessary public data about staff and systems
  2. Awareness Training - explaining common SE patterns and red flags
  3. Simulations & Metrics - phishing simulations, reporting rates, improvement over time

Books, Videos, Courses

  • Books on social engineering/human-based attacks from reputable authors, plus books on OSINT techniques and case studies
  • Talks on social engineering from security conferences; OSINT practical walkthroughs (within ethical/legal boundaries); corporate awareness-style videos on phishing/SE
  • Intro OSINT courses emphasizing legality and ethics; social engineering awareness/simulation courses; red team or phishing simulation courses if relevant to your job

Interview Questions

  1. How would you use OSINT during a security assessment while staying within legal and ethical boundaries?
  2. How would you design an internal phishing awareness campaign?
  3. How can OSINT and SE knowledge help improve an organization's security posture?

Also see the Common Security Interview Questions for broader awareness/GRC-adjacent questions.

Practice next: Common Security interview questions, and jassics/security-study-plan for the latest updates to this plan.