The following is a post by Mark Barwinski, the opening keynote speaker for Swiss Cyber Storm 2025. Mark has over 20 years of cybersecurity leadership experience spanning financial services, professional consulting, manufacturing, and government intelligence. In this blog post, he shares first-hand experiences of OPSEC failures from his time at the NSA, and offers strong advice for realistic OPSEC practices in 2025. By publishing this article for the first time, Swiss Cyber Storm hopes to provide a basis for further discussion.

This is a contributed guest post by Florian Badertscher from Swisscom’s bug bounty program. We are publishing it here on the Cyber Storm blog because it brings information valuable to companies planning a bug bounty program of their own.