I Tested Two OPSEC Trainings. Here’s The Trick Question That Got Everyone

Quick note before we get rolling:

• I took the CDSE “OPSEC Awareness” course last fall.
• I also carried the little NCSC OPSEC Pocket Guide in my tote for a month.
• I used both at work and at home. Yes, my kitchen table saw a lot of sticky notes.

Now, the main thing folks ask me after these classes is the same: which is not an example of an OPSEC countermeasure? That quiz line tripped up half my team. Honestly, it almost got me too. I put the full story—including the quiz that stumped us—into a deeper dive on my twin OPSEC trainings.

The gist in plain words

OPSEC means we keep key details from leaking out, so bad actors can’t piece things together. A countermeasure is a step that lowers risk. If it leaks more, it’s not a countermeasure. Simple, but the questions can be sneaky. I even went down the rabbit hole online, and this roundup of training answers ended up being my compass.
You can also find a succinct rundown of everyday privacy safeguards in this piece from Reason to Freedom.

You know what? Everyday life makes it sneaky. Phones tag photos. Calendars sync everywhere. Coffee shops echo. And yes, my dog barks right when I’m on speaker.

What I used and how it felt

• CDSE OPSEC Awareness: One hour, short clips, clean examples. Good “What could go wrong?” moments. The final quiz felt fair, minus one tricky item I’ll explain.
• NCSC OPSEC Pocket Guide: A small, fold-out card. Lived in my bag. I liked the quick reminders on “critical information.” It felt like a grocery list, but for risk.

I took the course on a Tuesday night after dinner. I passed. Then on Wednesday, I caught myself about to post a travel pic. That’s how fast habits kick in.

The trick question, answered with real life

Here’s the line they used: Which is NOT an OPSEC countermeasure?

Real examples that ARE OPSEC countermeasures:

• Shredding printouts with project names before trash day. I use a cross-cut shredder at home.
• Turning off location tags on my iPhone camera before I post to Instagram. No more map pins.
• Using 2FA on my email and work apps. I keep a YubiKey on my key ring.
• Setting “need-to-know” in OneDrive by sharing only with named people, and with link expiry.
• Covering my laptop screen with a privacy filter on flights. Middle seat neighbors are nosy.
• Talking about sensitive dates in person, not on speaker in a café. I learned that the hard way.

Real examples that are NOT OPSEC countermeasures:

• Posting a selfie with your boarding pass showing. Mine had my frequent flyer number. Yikes.
• Reusing the same weak password across apps. “Fall2024!” isn’t clever. It’s lazy.
• Sharing team travel dates on a public Google Calendar. I’ve seen this. Please don’t.
• Wearing your work badge on the train. It shows company, department, even building.
• Leaving project plans up on a whiteboard after a meeting. Clean the board. Take a photo to a secure folder if you must, then wipe.
• Talking about delivery routes on Facebook. Seems small, but it maps patterns.

So, the correct quiz pick? Anything that spreads sensitive details further. If it makes the “puzzle” easier for someone else, it’s not a countermeasure.

A quick story that made it click

Last month, I helped plan a small offsite. Nothing fancy. But the venue posted our group name on a lobby screen. That’s not a countermeasure. We asked them to change it to “Private Event — Room C.” We also moved the agenda to a private calendar with limited invites. That is a countermeasure.

Tiny moves, big difference.

Where the training hit and where it missed

What worked:

• Short, real clips. One showed a photo with hidden metadata. It stuck with me.
• The “critical info” checklist. Names, dates, routes, systems. It’s like a packing list.

What fell short:

• The social media part felt dated. TikTok and Reels move fast. They showed Facebook walls like it’s 2014.
• The quiz wording. That “not an example” line felt like a grammar trick. I wish they bolded the word NOT.

Still, I liked it. I’d take it again with my team, maybe over lunch with a bowl of chili. Food keeps people honest.

My week of small fixes

• I turned off “Live Photo” location data before sharing a family picture.
• I set a six-digit phone PIN instead of a four-digit one. Not fancy. Just better.
• I removed our building name from a LinkedIn post draft. The story still read fine.
• I started using expiring links for vendor files. Thirty days. Then gone.
• I taped a small reminder card on my monitor: “Who needs this? How long? Where does it go?”

I even set a monthly reminder: “Check what I’m sharing.” Sounds silly. Works like a charm.

A tiny wrinkle I had to sort out

I love taking airport photos. The lights, the planes, the joy. But boarding passes and gate screens creep into the frame. At first, I thought, “I’ll blur it later.” Then I forgot once. So I changed the habit. I take the shot facing away from screens. Beauty shot, no data. That’s OPSEC without killing joy.

OPSEC and your dating life

Even your social life can test these habits. If you’re lining up a casual after-work coffee through a hookup platform like fucklocal.com, remember to mask personal identifiers—use a secondary email, meet in a public spot first, and avoid sharing your full address until trust is earned; the site itself makes it simple to meet nearby adults quickly and discreetly, so pairing it with smart OPSEC keeps the fun risk-free.
Some friends have asked whether the same caution applies when they’re scouting massage spots after a long travel day; absolutely—OPSEC isn’t just for spreadsheets. Before you hand over a real phone number or ID at reception, skim the Rubmaps La Verne insider guide so you can pick a venue known for respecting client privacy and avoid any establishment with a track record of leaking personal details.

Who will like these tools

• New hires who post a lot. They’ll learn fast, and it won’t feel preachy.
• Folks who plan travel, events, or shipping. Lots of moving parts, lots of risks.
• Small teams in health or finance. PHI and PII need quiet spaces and tight shares.

Anyone in uniform will also nod along; the lessons map almost line-for-line with the takeaways in this candid Navy OPSEC training review.

If you work with vendors, all this matters even more. One loose link and the chain clanks.

Final take

The course and pocket guide both helped me catch blind spots. The big lesson is simple: a countermeasure lowers risk. If a step spreads sensitive details, it is not a countermeasure. That’s the answer, and the habit.

One last thing. I keep a sticky by my desk that says, “Would I share this on a stage?” If the answer is no, I find a safer way. It’s not perfect. But it keeps me honest—and it keeps my team safer, too.