Authorized Exposure-Awareness Review

Know what an adversary can find about you before you are tested by it.

A Sentinel Risk Group operator-led review of the publicly discoverable digital exposure surrounding an executive, an organization, or a mission-critical decision. Conducted with discipline. Delivered with clarity. Used to inform — not to alarm.

Point-in-Time Review / Operator-Validated Findings / 7–14 Business Day Delivery
What It Is

A structured, point-in-time review of public-facing exposure.

An Authorized Exposure-Awareness Review is a structured, authorized examination of the digital footprint, breach exposure, and public-facing attack surface surrounding a defined subject — an individual executive, a designated key-personnel group, an organization, or a government program office.

SRG operators conduct the review using established open-source tooling and tradecraft, validate every finding manually, and deliver a written report that presents what was found, what it means, and what to do about it. The output is the Digital Risk Exposure Deliverable — a client-facing document used to inform leadership decisions, harden public posture, or anchor an executive-protection conversation.

The review is passive and authorized. All collection is limited to publicly available sources. No active probing, no covert collection, and no investigative techniques are used. The client signs an authorization at intake; SRG accepts each engagement at its sole discretion after operator review.

Why Organizations Request One

Used before high-consequence moments — not after them.

The Authorized Exposure-Awareness Review is most often commissioned in the weeks preceding a moment where public exposure carries real cost.

01 / Executive Transitions
CEO, C-suite, or founder transitions
New leadership inherits whatever digital exposure exists. Reviewing it before the announcement gives the incoming principal time to manage it on their terms.
02 / Board Appointments
Director, advisor, or board-seat appointments
Public disclosure of a board appointment is also a disclosure of every digital trail attached to that name. Better to know the trail before the press release.
03 / Public Announcements
Funding rounds, product launches, IPO readiness
Any moment that increases public attention also increases adversary attention. A review surfaces what scrutiny will surface — earlier, with time to act.
04 / M&A Activity
Pre-deal due diligence on counterparty exposure
Buyers and sellers benefit from understanding what is publicly knowable about the executives, infrastructure, and brands involved before terms are finalized.
05 / High-Profile Travel
International travel, public appearances, summits
Public-event participation generates predictable behavioral signal. A review identifies where movement patterns, family details, or residence information are externally inferable.
06 / Litigation Preparation
Pre-deposition, witness preparation, settlement posture
Counsel and the witness benefit from a structured view of the opposing side's likely public-record findings before exposure becomes evidentiary.
07 / Investor Scrutiny
Institutional diligence, LP onboarding, fund formation
Sophisticated investors run their own public-record review. Knowing what they will find — before they find it — informs how the conversation gets framed.
08 / Reputation Management
Post-incident posture, narrative correction, brand stewardship
After a public event or controversy, a structured review establishes the current state of the record so corrective work proceeds from facts rather than assumption.
What SRG Reviews

Five domains. One integrated deliverable.

Every Authorized Exposure-Awareness Review covers the five domains below. Scope depth varies by tier; the framework does not.

Domain 1

Digital Footprint

The public-record and aggregated-data picture. Residential and contact aggregator listings, public directories, indexed personal details, professional-bio surface area, and historical artifacts that remain publicly retrievable.

Domain 2

Breach Exposure

Confirmed exposure within historical data breaches. Which breaches the subject's email or accounts appear in, what data classes were exposed, and whether any of that exposure remains operationally exploitable today.

Domain 3

Credential & Identity Exposure

Surfaced credentials, password hashes, and identity fragments on paste sites and aggregators. Identifies whether retired credentials remain present in publicly accessible dumps, and whether identity reuse extends current risk.

Domain 4

Social & Behavioral Attack Surface

Public social-platform presence and the behavioral inferences a public observer can draw — patterns of travel, family connections, professional rhythm, geotagged content, and other operationally-relevant signal.

Domain 5

Network & Infrastructure Exposure

For organizational engagements: externally-visible infrastructure, exposed services, version-banner disclosure, and known vulnerabilities on internet-facing assets. Subject-specific scope confirmed at intake.

What Clients Receive

The Digital Risk Exposure Deliverable.

Every engagement closes with a structured, branded, operator-validated report. The deliverable is built to be read by leadership — not by analysts.

01

Executive Summary

One-page narrative read by the principal. Posture, top exposures, recommended priorities — in plain language.

02

Findings by Domain

Each of the five domains receives an operator narrative plus a table of validated findings with source attribution.

03

Severity Ratings

Every finding rated against SRG's five-tier framework — Critical, High, Moderate, Low, Informational — with response windows.

04

Prioritized Recommendations

Consolidated action items ordered by impact and urgency, mapped to specific findings, with effort and timeline annotations.

05

Methodology & Provenance

Tooling applied, collection scope, operator validation steps, and limitations — for the record and for any downstream review.

06

Walkthrough Consultation

30-minute deliverable-walkthrough call with the operator. Questions answered, follow-on options discussed, engagement closed.

Boundaries

What this service is not.

SRG declines engagements that fall outside the boundary. The list below is enforced at intake review and reaffirmed in the deliverable.

  • Not an investigation
  • Not surveillance
  • Not background screening
  • Not credit review
  • Not tenant screening
  • Not continuous monitoring
  • Not employment adjudication
  • Not law-enforcement activity
Use is informational and advisory only. The Authorized Exposure-Awareness Review is not suitable for evidentiary, adjudicative, or surveillance contexts, and SRG will decline any request that appears to seek one of those uses. Acceptance of any engagement is at Sentinel Risk Group's sole discretion.
Independent Analysis

We work for you.
Not for the vendor selling the fix.

Sentinel Risk Group receives no compensation from software vendors, security providers, monitoring platforms, or technology manufacturers. No referral fees. No revenue share. No back-channel partnerships.

What this means

Every finding is based on observed exposure. Every recommendation is based on operational requirement. Every priority is set against your objectives — not a tool we are paid to recommend.

Why it matters

The cybersecurity industry runs on partnerships. Most advisory firms cannot tell you the truth about whether you need a tool — they get paid when you buy one. SRG does not.

Our discipline

When SRG recommends action, it is because the exposure warrants it. When SRG recommends inaction, it is because the exposure does not. The signal is not contaminated by commission.

Engagement Tiers

Fixed-fee. Scope confirmed at consultation.

Tier selection drives collection depth, deliverable scope, and consultation length. Final tier is confirmed during the pre-engagement consultation based on subject scope.

Tier I / Individual / $2,500
Single principal. Personal digital footprint, breach exposure, and social attack surface.
Tier II / Executive / $3,500
Principal plus immediate family or executive-staff radius. Adds relationship-graph and family-adjacent exposure.
Tier III / Corporate / $4,500
Organizational entity plus designated key personnel. Includes network and infrastructure exposure domain.
Tier IV / Government / Mission / $5,000
Program office, contractor-leadership assessment, or pre-engagement digital footprint review. Scope sized by mission profile.
Pricing is fixed at the published tier. Scope additions or extended collection are quoted separately at the pre-engagement consultation. SRG does not bundle the Authorized Exposure-Awareness Review with continuous monitoring or investigation-style services.
Frequently Asked

What clients ask before commissioning a review.

Is the review legal? What authorization is required?
Yes. The review is limited to passive collection from publicly available sources, conducted under written authorization from the requestor. At intake the requestor attests to legal standing (either as the subject themselves or as someone with legal authority over the subject) and acknowledges the boundary of the service. SRG declines any request that appears to seek investigative, adjudicative, surveillance, or law-enforcement uses.
How long does an engagement take?
The Digital Risk Exposure Deliverable is typically completed within 7–14 business days of the pre-engagement consultation. Collection does not begin until that consultation is held and scope is confirmed in writing.
What happens between submitting the intake and receiving the deliverable?
After intake, SRG reviews the request within one business day and responds with either an approval (including a secure payment link) or a respectful decline. Following payment, a 30-minute pre-engagement consultation is scheduled to confirm scope and authorization. Collection begins after that call. The deliverable is sent to the principal upon completion, followed by a deliverable-walkthrough consultation.
What if SRG declines my request?
No payment is requested or collected before approval. If SRG declines an engagement, the requestor receives a respectful decline notification and, where appropriate, a referral to a more suitable professional. Acceptance is at SRG's sole discretion per the Service Brief.
Does the review produce a SORI™ score?
No. A standalone Authorized Exposure-Awareness Review does not produce a SORI™ score. It produces a Digital Risk Exposure Deliverable. SORI™ scoring requires a separate SORP-conducted assessment across all 21 operational domains. Clients with both engagements active can request optional evidence mapping between the two.
Is this a one-time review or an ongoing service?
Point-in-time. The deliverable reflects publicly available data at the time of collection; exposure surfaces change continuously. Clients seeking ongoing visibility can engage SRG under a separate Advisory Retainer; the Authorized Exposure-Awareness Review itself is not a monitoring service.
Who sees the deliverable, and what happens to the source data after delivery?
The deliverable is confidential between the client and SRG under the engagement's mutual NDA and Data Processing Agreement. Source data and working files are retained for 30 days after deliverable acceptance and then destroyed under SRG's information security SOP.
What if findings warrant follow-on remediation work?
The Prioritized Recommendations section of the deliverable can stand on its own — many clients implement the recommendations internally. Clients who prefer SRG to execute the remediation can engage under a separate Exposure Reduction Advisory engagement, which is scoped following deliverable acceptance.

Know the picture before the picture knows you.

Submit a structured intake. SRG will review your request within one business day and respond with an approval or a respectful decline. No payment is requested before approval.

Methodology Protection

SRG Methodology Remains Proprietary

The Authorized Exposure-Awareness Review is delivered through SRG’s protected methodology, operator judgment, review structure, and deliverable framework. Clients may use the deliverable for the authorized engagement purpose, but may not reverse engineer, resell, redistribute, or use SRG materials to develop a competing service, workflow, assessment, or platform.