Staying on top of security is a big job, and Twitter can help. Listed here, in alphabetical order, are 35 researchers, hackers, and gurus whose Twitter feeds will keep any security specialist well informed on the latest developments and thinking in the industry.
Follow these folks and you will keep one step ahead.
Dmitri Alperovitch
@DAlperovitch
Alperovitch is executive chairman of the Silverado Policy Accelerator and co-founder of CrowdStrike. He's also on the boards of more than a half-dozen companies and has patents on more than two dozen of his cybersecurity creations. His most recent tweets are about election security and disinformation campaigns.
Robert D. Atkinson
@RobAtkinsonITIF
Atkinson is president of the Information Technology & Innovation Foundation, a tech policy think tank in Washington, DC. Many of his tweets focus on the international aspects of technology, such as European digital protectionism, as well as automation, industrial policy, and big tech antitrust issues.
Paul Asadoorian
@securityweekly
Asadoorian is founder and CTO of Security Weekly and chief innovation officer at the CyberRisk Alliance. Most of this former penetration tester's tweets promote the podcasts and webcasts of Security Weekly, where he produces content for an entire network of shows on information security, including "Paul's Security Weekly," "Enterprise Security Weekly," and "Hack Naked News."
Zuk Avraham
@ihackbanme
Avraham is founder and CEO of ZecOps, makers of an automated crash forensics platform, and founder and chairman of Zimperium, a mobile security company. A former Israeli Defense Force security researcher, his work has been studied by academics and quoted in popular publications, such as Forbes, MIT Technology Review, and Engadget. Many of his tweets focus on mobile security.
Richard Bejtlich
@taosecurity
Bejtlich is the principal security strategist at Corelight, where he helps communicate to customers the value of network monitoring in countering cyber threats. In the past, he held a similar position with FireEye and was chief security officer at Mandiant. As author of the TaoSecurity blog, this former intelligence officer with the US Air Force combines digital security with military history. His tweets focus on thinking about security at a strategic level.
Anton Chuvakin
@anton_chuvakin
Chuvakin is helping grow Google's cloud as a security vendor through his position as a security strategist at Chronicle, which was acquired by Alphabet in 2019. He is also a former research vice president and distinguished analyst at Gartner. His disciplines include computer forensics, intrusion detection, security information and event management, security correlation, log management, security standards, incident response, Unix and Linux security, honeypots, honeynets, and security policy and management.
Graham Cluley
@gcluley
A former executive at Sophos and McAfee, the UK-based Cluley is co-host of the @SmashinSecurity podcast and an independent blogger who specializes in vulnerability and data breach topics. His blog has won several awards, including one from RSA for being among the most entertaining security blogs. He's been at the security game since the early 1990s, when he worked as a programmer on version 1 of Dr Solomon's Antivirus Toolkit for Windows. He was inducted into the InfoSecurity Europe Hall of Fame in 2011.
Jack Daniel
@jack_daniel
Daniel is a community advocate at Tenable Network Security, but his real claim to fame is his work as a technology community activist. He is a co-founder of the Security Bsides events and co-host of the Security Voices podcast. His tweets reflect much of the curmudgeonly image that has come to be associated with Daniel over the years. He is currently researching stress and burnout in information security careers and beginning an exploration of the elders of infosec.
Dan Goodin
@dangoodin001
Goodin is security editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, and hardware hacking. His tweets highlight his work at Ars Technica and cover a variety of contemporary security topics.
Matthew Green
@matthew_d_green
Green teaches cryptography at the John Hopkins Information Security Institute. His specialties include applied cryptography, privacy-enhanced storage systems, and anonymous crypto-currencies. He has also designed several cryptographic tools, including Charm, a framework for rapidly prototyping crypto-systems, and a Functional Encryption library that provides implementations of several new attribute-based encryption schemes. His tweets primarily focus on crypto, with a smattering of other security topics.
thaddeus e. grugq
@thegrugq
The grugq, who has an aversion to capital letters, is an independent security researcher whose takes on security and counterintelligence have garnered over 113,000 followers on Twitter. He says his work is "unbiased, unencumbered by alliances to corporate masters, irreverent and is backed by a lifetime in the trenches." The grugq is worth following for his ability to find and share some of the most relevant, important, and interesting tweets on security and related topics.
Trevor Hughes
@jtrevorhughes
Hughes is president and CEO of the International Association of Privacy Professionals, a global privacy organization with more than 50,000 members in 120 countries, and an adjunct professor of law at the University of Maine School of Law. Privacy and data protection have become major concerns of businesses as they scramble to comply with new regulations and laws designed to rein in commercial collection, storage, and the use of consumer data. That makes Hughes' tweets on privacy a must-read on Twitter.
Troy Hunt
@TroyHunt
Hunt is a Sydney, Australia-based software architect and web security specialist, as well as an Australian Microsoft regional director and Microsoft most valuable professional for developer security. While gaining some renown from his speaking engagements, developer-focused security workshops, and more than 30 Pluralsight courses on security and other technologies, he's best known for his Have I Been Pwned website, a free service that aggregates data breaches and helps people establish whether they've been impacted by malicious activity on the web.
Mikko Hypponen
@mikko
Hypponen is the chief research officer at Finland's F-Secure. With over 202,000 followers, Hypponen is among the more widely followed security researchers in the industry. His tweets on a wide range of security-related issues are newsy and personal.
Alex Ionescu
@aionescu
Ionescu is vice president of endpoint engineering at Crowdstrike and an expert in low-level system software, kernel development, security training, and reverse engineering. Along with Mark Russinovich and David Solomon, he has co-written the last two editions of the Windows Internals series. In addition to his Windows experience, he spent five years working with the iOS team on ARM hardware architecture and kernel development. Many of his tweets focus on bugs in Microsoft software.
Dan Kaminsky
@dakami
Kaminsky is chief scientist at White Ops, a firm specializing in detecting malware activity via JavaScript. He is best known for his work involving DNS cache poisoning. He is one of just seven people with the authority to restore the DNS root keys on the Internet in the event of an emergency. He has worked for Cisco, Avaya, and IOActive, where he was the director of penetration testing. Kaminsky, who has 90,000 followers, tweets on a variety of current hot topics in addition to posting about information security.
Samy Kamkar
@samykamkar
Kamkar first gained fame, or notoriety, depending on your point of view, as a 19-year-old, when he exploited a security flaw in MySpace that allowed him to gain 1 million friends in a 20-hour period. Banned from using computers for three years after that caper, Kamkar these days is regarded as a brilliant security researcher whose recent exploits include breaking into keyless-entry vehicles and hacking drones. Along with his tweets about hacking, Kamkar likes to write about his hobby, making chocolate.
Eugene Kaspersky
@e_kaspersky
Kaspersky is chairman and CEO of Moscow-based Kaspersky Labs. Over 183,000 people follow his tweets, which cover a wide range of security-related topics, including cybercrime and data breaches.
Dejan Kosutic
@Dejan_Kosutic
Based in Zagreb, Croatia, Kosutic is a specialist in information security standards and business continuity management. He is considered an expert resource on standards such as ISO 27001 and ISO 22301/BS 25999. Kosutic's tweets tend to focus mostly on his specialties, though he frequently touches on other topics as well, such as risk management.
Brian Krebs
@briankrebs
A former security reporter at The Washington Post, Krebs has won industry-wide recognition for his work in exposing some of the biggest data breaches ever, including the ones at Target and Home Depot. Krebs has also written several books chronicling his extensive work investigating cyber-criminal gangs in Russia and elsewhere.
Daniel Miessler
@DanielMiessler
Miessler works at a top tech company in Silicon Valley and is project leader of OWASP's IoT security project, but he is widely known for his weekly Unsupervised Learning podcast and newsletter, which explores the intersection of security, technology, and society—and what might be coming next. He tweets about a variety of infosec topics, including the IoT, authentication, and asset management.
Charlie Miller
@0xcharlie
Miller is the principal autonomous vehicle security architect at Cruise Automation, a job he earned by gaining notoriety, along with fellow hacker Chris Valasek, for hacking connected motor vehicles. His career has included a five-year stint at the NSA and work on the security teams at Twitter and Uber ATC. He's also well known in the OS X and iOS communities, especially for remotely compromising an iPhone by sending it a malicious text message. If hacking motor vehicles is your thing, CM is the guy to follow.
Matt Miller
@epakskape
Miller is a security engineer working as part of the Microsoft Security Response Center. At the center, he drives strategy and engineering related to proactive vulnerability defense across Microsoft’s products and services. Prior to joining the Redmond crew, he was a core contributor to the Metasploit framework and an editor for the Uninformed journal. His tweets and retweets focus on vulnerabilities, exploits, and mitigations.
Rich Mogull
@rmogull
Mogull is security editor at TidBITS, an analyst and CEO at Securosis, and founder and vice president of product at DisruptOPS, which makes a platform that gives teams automated and continuous control of cloud infrastructure so they can move faster into the nimbus while strengthening security controls. He also serves as a responder on a federal disaster medicine and terrorism response team, so his tweets focus on health issues as well as digital security.
Pierluigi Paganini
@SecurityAffairs
Paganini is a researcher at the Center for Cyber Security & International Relations Studies at the University of Florence in Italy, adjunct professor at the school of law at Luiss Guido Carli University in Rome, and member of the Threat Landscape Stakeholder Group at the European Union Agency for Network and Information Security. His Security Affairs blog was chosen best European personal security blog in 2016 by Info Security magazine. Most of his tweets refer to his blog writings.
Kevin Poulsen
@kpoulsen
Poulsen is a data reporter at The Wall Street Journal and author of Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground. In the 1990s, though, he was known as the black-hat hacker who manipulated the phone company's computers to win radio station contests. His most recent tweets focus on voting fraud and election disinformation.
Andy Purdy
@andy_purdy
Purdy is the chief security officer at Huawei Technologies USA and the company's lead for the East-West Institute global cyber initiative. He is also on the steering committee of the Open Group Trusted Technology Forum and a participant in the Software and Supply Chain Assurance Forum hosted by the Department of Defense, the Department of Homeland Security, the National Institute of Standards and Technology, and the General Services Administration. His tweets tend to cover topline topics, such as safe online shopping, safe work-from-home computing, economic collaboration for better data protection, the digital divide, and 5G security.
Costin Raiu
@craiu
Raiu, who has more than 24 years of experience in antivirus technologies and security research, is director of Kaspersky Lab's global research and analysis team, which has studied malicious programs such as Stuxnet, Duqu, and Carbanak. Many of his tweets focus on ransomware and advanced persistent threats.
Oxblood Ruffin
@OxbloodRuffin
A Canadian hacker and the "foreign minister" of the Cult of the Dead Cow white-hat hacker group, Oxblood Ruffin is a prolific tweeter, whose sardonic, sometimes risqué takes on politics, religion, technology, and security are entertaining and informative. He is an active "hactivist" and has also participated in both technology and human rights conferences.
Bruce Schneier
@schneierblog
Schneier is fellow and lecturer at Harvard's Kennedy School, a board member of the Electronic Frontier Foundation, and the chief of security architecture at Inrupt. He is one of the foremost authorities on encryption in the country and a highly regarded expert on a range of security and privacy topics. He is one of the creators of the Blowfish cipher algorithm and the author of several books on computer security and privacy. Many of his tweets tease items from his Schneier on Security blog.
Binni Shah
@binitamshah
With more than 87,000 followers, Shah is a prominent Linux influencer with an interest in security. Her work on rooting embedded Linux boxes and hacking network protocols with Kali Linux has helped cement her reputation as a thought leader in the Linux community. Her Twitter feed includes many technical tweets about obfuscation, reverse engineering, and penetration testing.
Kelly Shortridge
@swagitda_
Shortridge is vice president of product management and strategy at Capsule8, which provides high-performance attack protection for Linux production environments, and co-author of the recently released e-book Security Chaos Engineering, from O'Reilly Media. As a product and strategy expert, she shows leaders how to work smarter, not harder, to secure their organizations and help them find security solutions built on value, not hype. Her conference speaker credits include Black Hat, AusCERT, Hacktivity, Troopers, and ZeroNights. In among with her security tweets she sprinkles nuggets of wisdom, nerdy jokes, and fashion tips.
Brad Spengler
@spendergrsec
Spengler is president of Open Source Security and developer of grsecurity, which enhances the Linux kernel to protect it from a wide range of security threats. His tweets reflect his interest in solving difficult security problems in operating systems, which he developed in over 19 years of working in Linux kernel development and 15 years in Windows kernel development.
Taylor Swift
@SwiftOnSecurity
Although the real name and gender of the owner of the SwiftOnSecurity Twitter handle isn't known, what can be gleaned is that the infosec Taylor Swift likes to make stupid jokes, talk systems security, write sci-fi, and use Oxford commas. That's proved to be a popular combination of interests, and it has garnered the parody account more than 316,000 followers on Twitter. For those who like their security news delivered with just the right touch of snark and irreverence, this is a must-follow.
Zack Whittaker
@zackwhittaker
Whittaker, a veteran journalist, is security editor at TechCrunch. His tweets mostly cover developing security news stories.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.