During the reconnaissance phase, the attacker looks to learn as much about the target as possible. Cybersecurity operator professionals often get caught into the trap of thinking purely in terms of technological vulnerabilities and solutions, but it is worth remembering that the target is a whole system. 

If there was a novice hacker (with an inexplicably wide variety of tools available), the reconnaissance phase would involve collecting information about the technology being used, the personnel using the technology, and any defensive systems in place. 

In terms of the castle attack example, an attacking force might look at a map of the castle (where it is and where things are inside it). This would be the technological reconnaissance. In terms of personnel, they might also consider who is able to go in and out of the castle, the dungeons, or the vaults. The security measures then intersect with this; when are the gates open, who's on guard when, and what other walls, ditches, and hazards are there.