OSINT & Social Engineering Study Plan
This page is based on jassics/security-study-plan/osint-social-engineering-study-plan and is kept updated from it. It benefits red team, blue team, GRC, and security-awareness roles alike, and focuses on ethical OSINT and social engineering fundamentals.
Also, I assume you have already checked and are comfortable with the Common Security Skills study plan.
How this connects: OSINT and social engineering skills complement Web Security Testing and red teaming, help GRC and Blue Team, Detection & Response understand human-focused risks, and enrich Threat Modeling by adding people and process attack vectors.
In Short
- OSINT is about collecting and correlating public information from many sources.
- Social engineering is about manipulating human behavior - use it ethically and within rules of engagement.
- Both attackers and defenders use OSINT and SE (offense and awareness/training).
- Legal and ethical boundaries are critical.
ToC
- OSINT Fundamentals - 2 weeks
- People & Infrastructure OSINT - 3-4 weeks
- Social Engineering Fundamentals - 2-3 weeks
- Offensive Use Cases (Ethical) - 2-3 weeks
- Defensive Use Cases & Awareness - 2-3 weeks
- Books, Videos, Courses
- Interview Questions
OSINT Fundamentals
Duration: 2 weeks
Goal: understand what OSINT is and is not.
Week 1-2: Core Concepts
- Definition & Scope - open sources, legality, ethics
- Data Types - people, organizations, infrastructure, financial, technical
- OSINT Process - define objective → collect → analyze → report
People & Infrastructure OSINT
Duration: 3-4 weeks
Goal: learn practical OSINT collection for people and infrastructure.
Week 3-6: Practical OSINT
- People OSINT - profiles, resumes, public posts, breached data (viewing only where legally allowed)
- Company OSINT - org charts, technologies used, job postings, press releases
- Infrastructure OSINT (high level) - public DNS records, certificate transparency logs, basic passive fingerprinting
Social Engineering Fundamentals
Duration: 2-3 weeks
Goal: understand social engineering tactics and psychology.
Week 7-9: SE Basics
- Psychological Principles - authority, scarcity, reciprocity, social proof, etc.
- Common Vectors - phishing, vishing, pretexting, physical SE
- Real-World Examples - review case studies (within legal/ethical material)
Offensive Use Cases (Ethical)
Duration: 2-3 weeks
Goal: understand how OSINT and SE are used in engagements with proper authorization.
Week 10-12: Red Team View
- Pre-Engagement - scoping, rules of engagement, legal sign-offs
- Reconnaissance - using OSINT to identify targets, email formats, tech stack (high level)
- Campaign Design (conceptual) - planning ethical phishing simulations and pretexts
Defensive Use Cases & Awareness
Duration: 2-3 weeks
Goal: use OSINT and SE knowledge to improve defenses.
Week 13-15: Blue & GRC View
- Exposure Reduction - minimizing unnecessary public data about staff and systems
- Awareness Training - explaining common SE patterns and red flags
- Simulations & Metrics - phishing simulations, reporting rates, improvement over time
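As an added example (not part of the original plan) tying together the Infrastructure OSINT bullet on certificate transparency logs and the Exposure Reduction bullet above: a small defender-side check that reviews the hostnames an organisation has exposed through CT logs against its own asset inventory. The CT records, the inventory, the domain example.org and the watch-list of sensitive labels are all constructed here; the record field names are assumed and not those of any particular CT search service.

```python
"""Review an organisation's own certificate-transparency exposure (constructed example)."""

# Assumed watch-list of labels that often mark infrastructure not meant to be public.
SENSITIVE_LABELS = {"vpn", "dev", "staging", "internal", "admin", "test"}

# Constructed sample of what a CT log search for our own domain might return.
CT_ENTRIES = [
    {"issuer": "Example CA", "names": ["example.org", "www.example.org"]},
    {"issuer": "Example CA", "names": ["vpn.example.org"]},
    {"issuer": "Example CA", "names": ["*.dev.example.org"]},
    {"issuer": "Example CA", "names": ["mail.example.org", "shared.otherdomain.test"]},
    {"issuer": "Example CA", "names": ["WWW.example.org."]},  # same host, different spelling
]
# Constructed asset register: hosts the organisation knows it runs.
INVENTORY = {"example.org", "www.example.org", "mail.example.org"}


def normalise(name):
    """Lower-case, strip whitespace and any trailing dot so duplicates collapse."""
    return name.strip().lower().rstrip(".")


def review_ct_exposure(ct_entries, inventory, apex):
    """Return {hostname: [reasons]} for certificate names that deserve a second look."""
    apex = normalise(apex)
    known = {normalise(n) for n in inventory}
    findings, seen = {}, set()
    for entry in ct_entries:
        for raw in entry.get("names", []):
            name = normalise(raw)
            if name in seen:
                continue
            seen.add(name)
            # Ignore unrelated names that merely share a certificate with ours.
            if name != apex and not name.endswith("." + apex):
                continue
            labels = name[: -len(apex) - 1].split(".") if name != apex else []
            reasons = []
            if "*" in labels:
                reasons.append("wildcard certificate covers every subdomain")
            elif name not in known:
                reasons.append("not in asset inventory")
            if SENSITIVE_LABELS & set(labels):
                reasons.append("hostname label suggests non-public infrastructure")
            if reasons:
                findings[name] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in review_ct_exposure(CT_ENTRIES, INVENTORY, "example.org").items():
        print(host, "->", "; ".join(reasons))
```

Feeding the same routine a real CT export for a domain you own, plus your asset register, gives a starting list for the exposure-reduction review described above.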
Books, Videos, Courses
- Books on social engineering/human-based attacks from reputable authors, plus books on OSINT techniques and case studies
- Talks on social engineering from security conferences; OSINT practical walkthroughs (within ethical/legal boundaries); corporate awareness-style videos on phishing/SE
- Intro OSINT courses emphasizing legality and ethics; social engineering awareness/simulation courses; red team or phishing simulation courses if relevant to your job
Interview Questions
- How would you use OSINT during a security assessment while staying within legal and ethical boundaries?
- How would you design an internal phishing awareness campaign?
- How can OSINT and SE knowledge help improve an organization's security posture?
Also see the Common Security Interview Questions for broader awareness/GRC-adjacent questions.
Practice next with the Common Security interview questions, and check jassics/security-study-plan for the latest updates to this plan.