Contractors are not secret, nor are employees. You can go to LinkedIn and easily look up people who work for NSA, or Booz Allen Hamilton, and learn a great deal of who does what (again, not a secret). Counterintelligence measures are employed elsewhere.
part of spear phishing is building up credibility, so it's a value add to have this information in addition to whatever other OSINT is out there. if you're committing in tandem with another user that's a huge opportunity to impersonate and phish, vis-a-vis "your buddy at Lockheed".
