Staying on top of security is a big job, and Twitter can help. Listed here, in alphabetical order, are 35 researchers, hackers, and gurus whose Twitter feeds will keep any security specialist well informed on the latest developments and thinking in the industry.
Do cybersecurity like a boss. Follow these folks and you will keep one step ahead.
Alperovitch is executive chairman of the Silverado Policy Accelerator and co-founder of CrowdStrike. He’s also on the boards of more than a half-dozen companies and has patents on more than two dozen of his cybersecurity creations. His most recent tweets are about election security and disinformation campaigns.
Robert D. Atkinson
Atkinson is president of the Information Technology & Innovation Foundation, a tech policy think tank in Washington, DC. Many of his tweets focus on the international aspects of technology, such as European digital protectionism, as well as automation, industrial policy, and big tech antitrust issues.
Asadoorian is founder and CTO of Security Weekly and chief innovation officer at the CyberRisk Alliance. Most of this former penetration tester’s tweets promote the podcasts and webcasts of Security Weekly, where he produces content for an entire network of shows on information security, including “Paul’s Security Weekly,” “Enterprise Security Weekly,” and “Hack Naked News.”
Avraham is founder and CEO of ZecOps, makers of an automated crash forensics platform, and founder and chairman of Zimperium, a mobile security company. A former Israeli Defense Force security researcher, his work has been studied by academics and quoted in popular publications, such as Forbes, MIT Technology Review, and Engadget. Many of his tweets focus on mobile security.
Bejtlich is the principal security strategist at Corelight, where he helps communicate to customers the value of network monitoring in countering cyber threats. In the past, he held a similar position with FireEye and was chief security officer at Mandiant. As author of the TaoSecurity blog, this former intelligence officer with the US Air Force combines digital security with military history. His tweets focus on thinking about security at a strategic level.
Chuvakin is helping grow Google’s cloud as a security vendor through his position as a security strategist at Chronicle, which was acquired by Alphabet in 2019. He is also a former research vice president and distinguished analyst at Gartner. His disciplines include computer forensics, intrusion detection, security information and event management, security correlation, log management, security standards, incident response, Unix and Linux security, honeypots, honeynets, and security policy and management.
A former executive at Sophos and McAfee, the UK-based Cluley is co-host of the @SmashinSecurity podcast and an independent blogger who specializes in vulnerability and data breach topics. His blog has won several awards, including one from RSA for being among the most entertaining security blogs. He’s been at the security game since the early 1990s, when he worked as a programmer on version 1 of Dr Solomon’s Antivirus Toolkit for Windows. He was inducted into the InfoSecurity Europe Hall of Fame in 2011.
Daniel is a community advocate at Tenable Network Security, but his real claim to fame is his work as a technology community activist. He is a co-founder of the Security Bsides events and co-host of the Security Voices podcast. His tweets reflect much of the curmudgeonly image that has come to be associated with Daniel over the years. He is currently researching stress and burnout in information security careers and beginning an exploration of the elders of infosec.
Goodin is security editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, and hardware hacking. His tweets highlight his work at Ars Technica and cover a variety of contemporary security topics.
Green teaches cryptography at the John Hopkins Information Security Institute. His specialties include applied cryptography, privacy-enhanced storage systems, and anonymous crypto-currencies. He has also designed several cryptographic tools, including Charm, a framework for rapidly prototyping crypto-systems, and a Functional Encryption library that provides implementations of several new attribute-based encryption schemes. His tweets primarily focus on crypto, with a smattering of other security topics.
thaddeus e. grugq
The grugq, who has an aversion to capital letters, is an independent security researcher whose takes on security and counterintelligence have garnered over 113,000 followers on Twitter. He says his work is “unbiased, unencumbered by alliances to corporate masters, irreverent and is backed by a lifetime in the trenches.” The grugq is worth following for his ability to find and share some of the most relevant, important, and interesting tweets on security and related topics.
Hughes is president and CEO of the International Association of Privacy Professionals, a global privacy organization with more than 50,000 members in 120 countries, and an adjunct professor of law at the University of Maine School of Law. Privacy and data protection have become major concerns of businesses as they scramble to comply with new regulations and laws designed to rein in commercial collection, storage, and the use of consumer data. That makes Hughes’ tweets on privacy a must-read on Twitter.
Hunt is a Sydney, Australia-based software architect and web security specialist, as well as an Australian Microsoft regional director and Microsoft most valuable professional for developer security. While gaining some renown from his speaking engagements, developer-focused security workshops, and more than 30 Pluralsight courses on security and other technologies, he’s best known for his Have I Been Pwned website, a free service that aggregates data breaches and helps people establish whether they’ve been impacted by malicious activity on the web.
Hypponen is the chief research officer at Finland’s F-Secure. With over 202,000 followers, Hypponen is among the more widely followed security researchers in the industry. His tweets on a wide range of security-related issues are newsy and personal.
Ionescu is vice president of endpoint engineering at Crowdstrike and an expert in low-level system software, kernel development, security training, and reverse engineering. Along with Mark Russinovich and David Solomon, he has co-written the last two editions of the Windows Internals series. In addition to his Windows experience, he spent five years working with the iOS team on ARM hardware architecture and kernel development. Many of his tweets focus on bugs in Microsoft software.
Kamkar first gained fame, or notoriety, depending on your point of view, as a 19-year-old, when he exploited a security flaw in MySpace that allowed him to gain 1 million friends in a 20-hour period. Banned from using computers for three years after that caper, Kamkar these days is regarded as a brilliant security researcher whose recent exploits include breaking into keyless-entry vehicles and hacking drones. Along with his tweets about hacking, Kamkar likes to write about his hobby, making chocolate.
Kaspersky is chairman and CEO of Moscow-based Kaspersky Labs. Over 183,000 people follow his tweets, which cover a wide range of security-related topics, including cybercrime and data breaches.
Based in Zagreb, Croatia, Kosutic is a specialist in information security standards and business continuity management. He is considered an expert resource on standards such as ISO 27001 and ISO 22301/BS 25999. Kosutic’s tweets tend to focus mostly on his specialties, though he frequently touches on other topics as well, such as risk management.
A former security reporter at The Washington Post, Krebs has won industry-wide recognition for his work in exposing some of the biggest data breaches ever, including the ones at Target and Home Depot. Krebs has also written several books chronicling his extensive work investigating cyber-criminal gangs in Russia and elsewhere.
Miessler works at a top tech company in Silicon Valley and is project leader of OWASP’s IoT security project, but he is widely known for his weekly Unsupervised Learning podcast and newsletter, which explores the intersection of security, technology, and society—and what might be coming next. He tweets about a variety of infosec topics, including the IoT, authentication, and asset management.
Miller is the principal autonomous vehicle security architect at Cruise Automation, a job he earned by gaining notoriety, along with fellow hacker Chris Valasek, for hacking connected motor vehicles. His career has included a five-year stint at the NSA and work on the security teams at Twitter and Uber ATC. He’s also well known in the OS X and iOS communities, especially for remotely compromising an iPhone by sending it a malicious text message. If hacking motor vehicles is your thing, CM is the guy to follow.
Miller is a security engineer working as part of the Microsoft Security Response Center. At the center, he drives strategy and engineering related to proactive vulnerability defense across Microsoft’s products and services. Prior to joining the Redmond crew, he was a core contributor to the Metasploit framework and an editor for the Uninformed journal. His tweets and retweets focus on vulnerabilities, exploits, and mitigations.
Mogull is security editor at TidBITS, an analyst and CEO at Securosis, and founder and vice president of product at DisruptOPS, which makes a platform that gives teams automated and continuous control of cloud infrastructure so they can move faster into the nimbus while strengthening security controls. He also serves as a responder on a federal disaster medicine and terrorism response team, so his tweets focus on health issues as well as digital security.
Paganini is a researcher at the Center for Cyber Security & International Relations Studies at the University of Florence in Italy, adjunct professor at the school of law at Luiss Guido Carli University in Rome, and member of the Threat Landscape Stakeholder Group at the European Union Agency for Network and Information Security. His Security Affairs blog was chosen best European personal security blog in 2016 by Info Security magazine. Most of his tweets refer to his blog writings.
Poulsen is a data reporter at The Wall Street Journal and author of Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground. In the 1990s, though, he was known as the black-hat hacker who manipulated the phone company’s computers to win radio station contests. His most recent tweets focus on voting fraud and election disinformation.
Purdy is the chief security officer at Huawei Technologies USA and the company’s lead for the East-West Institute global cyber initiative. He is also on the steering committee of the Open Group Trusted Technology Forum and a participant in the Software and Supply Chain Assurance Forum hosted by the Department of Defense, the Department of Homeland Security, the National Institute of Standards and Technology, and the General Services Administration. His tweets tend to cover topline topics, such as safe online shopping, safe work-from-home computing, economic collaboration for better data protection, the digital divide, and 5G security.
Raiu, who has more than 24 years of experience in antivirus technologies and security research, is director of Kaspersky Lab’s global research and analysis team, which has studied malicious programs such as Stuxnet, Duqu, and Carbanak. Many of his tweets focus on ransomware and advanced persistent threats.
A Canadian hacker and the “foreign minister” of the Cult of the Dead Cow white-hat hacker group, Oxblood Ruffin is a prolific tweeter, whose sardonic, sometimes risqué takes on politics, religion, technology, and security are entertaining and informative. He is an active “hactivist” and has also participated in both technology and human rights conferences.
Schneier is fellow and lecturer at Harvard’s Kennedy School, a board member of the Electronic Frontier Foundation, and the chief of security architecture at Inrupt. He is one of the foremost authorities on encryption in the country and a highly regarded expert on a range of security and privacy topics. He is one of the creators of the Blowfish cipher algorithm and the author of several books on computer security and privacy. Many of his tweets tease items from his Schneier on Security blog.
With more than 87,000 followers, Shah is a prominent Linux influencer with an interest in security. Her work on rooting embedded Linux boxes and hacking network protocols with Kali Linux has helped cement her reputation as a thought leader in the Linux community. Her Twitter feed includes many technical tweets about obfuscation, reverse engineering, and penetration testing.
Shortridge is vice president of product management and strategy at Capsule8, which provides high-performance attack protection for Linux production environments, and co-author of the recently released e-book Security Chaos Engineering, from O’Reilly Media. As a product and strategy expert, she shows leaders how to work smarter, not harder, to secure their organizations and help them find security solutions built on value, not hype. Her conference speaker credits include Black Hat, AusCERT, Hacktivity, Troopers, and ZeroNights. In among with her security tweets she sprinkles nuggets of wisdom, nerdy jokes, and fashion tips.
Spengler is president of Open Source Security and developer of grsecurity, which enhances the Linux kernel to protect it from a wide range of security threats. His tweets reflect his interest in solving difficult security problems in operating systems, which he developed in over 19 years of working in Linux kernel development and 15 years in Windows kernel development.
Although the real name and gender of the owner of the SwiftOnSecurity Twitter handle isn’t known, what can be gleaned is that the infosec Taylor Swift likes to make stupid jokes, talk systems security, write sci-fi, and use Oxford commas. That’s proved to be a popular combination of interests, and it has garnered the parody account more than 316,000 followers on Twitter. For those who like their security news delivered with just the right touch of snark and irreverence, this is a must-follow.
Whittaker, a veteran journalist, is security editor at TechCrunch. His tweets mostly cover developing security news stories.