Good OPSEC can be described in three sentences (depending on what resources you have)
1. A laptop (any laptop) with TailsOS on a USB
2. A laptop with any FOSS linux distro (Ubuntu, Parrot, Gentoo, OpenBDSM WHATEVER)
3. A laptop with QubesOS OR Whonix
(I don't even know what sort of NASA specs you have to run QubesOS + Whonix)
And of course there are other additional things you can do....
1. KeePassXC for password generating & saving
2. A VPN from IVPN or MullVad
3. Keep all important communication encrypted
I've seen people invent their own dialect in the names of OPSEC... like hello that's PGP!
I've seen people in invent their own VPN?? Which is arguably worse because you're trusting a random server host....
I've seen people use all sorts of encryption but then publicly reveal so much about themselves on forums
There's probably more examples of people doing extreme stuff for OPSEC and I don't understand why.
OPSEC isn't something to decorate, it's something to simply configure and go with it. Most of you guys have no need to be running QubesOS with Whonix or whatever OPSEC acrobatics you guys are doing lately... Take it from a three year vendor on the highly unfavoured platform (/post/294363db91162ebc7a2f/) who's OPSEC is simply Gentoo with MullVad. (and well OBSF4 as bridge but whatever). I use Email with PGP as my main form of communication, I use XMPP with OTR as my secondary form of communication.
Being a perfectionist or performing acrobatics with your OPSEC is what kills it. Keeping it simple but good is more than enough to get through the day and still be at peace of mind.
Imagine spending 30+ minutes on your OPSEC but you forgot to configure one small thing and you are leaking everywhere...
While there's someone who spends 3+ minutes on OPSEC and is the tightest ever...
Hardly any of you OPSEC fanboys are prominent enough to have complicated OPSEC. Most of you are either hard on drugs or just newbie lurkers.
TLDR: A corny acronym called "KISS" (Keep It Simple, Stupid)