Staying on top of the latest industry news and trends is a big part of the job for any InfoSec pro, and Twitter is a great resource, but with 243 million active users, it can be difficult to parse the good from the bad.
Lucky for you, we’ve combed through the Twittersphere (all 243 million users, I swear) and pulled the top 21 influencers and thought leaders in the InfoSec Twittersphere, presented here in no particular order.
Brian Krebs is an independent investigative journalist covering cybercrime. Krebs was formerly a security reporter at The Washington Post and is currently the author of the popular Krebs on Security blog. At The Washington Post, Krebs won widespread recognition for his work exposing some of the biggest corporate data breaches of all time, such as the ones at Target and Home Depot.
Rick Holland is a CISSP and a former vice president and principal analyst at Forrester Research, where he focused on Security & Risk (S&R), providing strategic guidance on security architecture, security operations, and data privacy. Holland’s research (and his Twitter feed, for the most part) focuses on incident response, threat intelligence, vulnerability management, penetration testing, red teaming, malware analysis, and email and web content security.
Runa Sandvik is the director of the Information Security newsroom at the New York Times, a former developer at the TOR Project, and a Technical Advisor for the Freedom of the Press Foundation and the TrueCrypt Audit project. Sandvik tweets on encryption, freedom of information, and the intersection of technology, law, and policy.
Jay Jacobs is the co-author of Data-Driven Security and the Verizon Data Breach Investigation Reports, and the co-founder of the Society of Information Risk Analysts, where he currently sits on the board of directors. Jacobs’ tweets typically focus on data analysis and visualization, risk analysis, and infosec.
Erin Jacobs is a former CIO/CSO who is now a Partner at information security consulting firm Urbane Security. She tweets about app security and mobile development.
Graham Cluley is a British security blogger and the author of GrahamCluley.com. Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011 and was given an honorary mention in the “10 Greatest Britons in IT History” for his contribution as a leading authority in Internet security.
Jack Daniel is the Security BSides Co-Founder, co-host of the Security Weekly podcast, and a strategist at Tenable Network Security. A self-proclaimed “information security curmudgeon,” Daniel provides solid information with a healthy dose of snark to keep things in perspective.
A self-described “infosec supervillain,” Melissa Elliott is a professional Application Security Researcher at Veracode who is extremely active on Twitter. Elliott tweets about programming and security, as well as fiction writing.
Augusto Barros is the author of the popular Security Balance blog and has been working in Information Security for over a decade. Barros is currently working as a Research Director at Gartner, where he focuses on security and risk management. Barros’ strong InfoSec background, as well as his writing skills, make his Twitter feed a great resource for S&R pros looking to stay abreast of the latest research.
Tiffany Strauchs Rad
Tiffany Rad is a Washington, D.C.-based Computer Security Analyst, Professor, and Lawyer. Rad frequently tweets about cybercrime and related law and policy.
Adrian Sanabria is a Senior Analyst at 451 Research with more than 12 years of enterprise security experience and a background in system administration and architecture. Adrian is involved in various volunteer projects within the security community, such as the National Board of Information Security Examiners’ (NBISE) efforts to provide analysis on information security job roles and hiring through the Operational Security Testing Panel and the Penetration Testing Execution Standard (PTES).
Kate Moussouris is the founder of Luta Security and former Chief Policy Officer at HackerOne. She has extensive experience in the field, having worked at Microsoft and Symantec for several years. SC Magazine recently named Moussouris among 2014’s Top Women in IT Security, and she has spoken at a number of high-profile conferences, including RSA.
Dave Marcus is Chief Architect, Advanced Research and Threat Intelligence, at McAfee Federal Advanced Programs Group, and primarily tweets on information security.
Eleanor Dallaway is the editor of Infosecurity Magazine, a popular UK-based website covering InfoSec news, trends, and best practices. Dallaway tweets on cyber threats, vulnerabilities, and other trending stories.
Neil MacDonald is a Vice President, Distinguished Analyst, and Gartner Fellow Emeritus at Gartner Research with 20 years of experience in information security. MacDonald is a member of Gartner’s information security and privacy research team, where he is focused on securing next-generation virtualized and cloud-based computing environments from advanced attacks. Specific research areas include endpoint protection, virtualization security, application security, protection of cloud-based workloads and protection from advanced targeted attacks using context-aware security and big data analytics approaches.
Martin McKeay is a Security Expert and Blogger currently working as Security Advocate for Akamai. McKeay runs a long-running blog and podcast, and frequently tweets related content.
Bruce Schneier is one of the creators of the Blowfish cipher algorithm, a fellow at Harvard Law School’s Berkman Center for Internet & Society, and the author of several books on computer security and privacy. Schneier is a bit of an authority on encryption and, as such, most of his tweets deal with privacy and encryption.
Chris Wysopal, AKA Weld Pond, is the Co-founder and CTO of Veracode, and a former security researcher at L0pht, the hacker think-tank that testified before the Congress of the United States that they could shut down the entire Internet in 30 minutes way back in 1998. Wysopal has served on the Black Hat Review Board and has been named one of the most influential people in IT by eWeek, among other distinctions.
Jeremiah Grossman is the Chief of Security Strategy at SentinelOne, the founder and former CTO of WhiteHat Security and a former information security officer at Yahoo. Grossman is also a founding member of the Web Application Security Consortium (WASC), and a black belt in Brazilian Jiu-Jitsu.
Dan Kaminsky is a security researcher, chief scientist at White Ops, and the author of a popular blog (FKA DoxPara Research). Kaminsky is best known for his work finding a critical flaw in the Internet’s Domain Name System (DNS), and for leading what became the largest synchronized fix to the Internet’s infrastructure of all time.
The Grugq is one of those interesting characters you can only really find in information security. He’s an independent information security researcher with 15 years of industry experience, who started his career at a Fortune 100 company before transitioning to consulting company @stake, from which he eventually resigned after publishing a Phrack article on anti-forensics. Currently, The Grugq’s opinions on cybersecurity and counterintelligence have netted him over 45,000 followers on Twitter.
Mike Hypponen is the chief research officer at Finland’s F-Secure. He has written on his research for the New York Times, Wired, and Scientific American, and he appears frequently on international TV. Hypponen is among the most followed security researchers in the industry, with over 121,000 followers on Twitter.
Dave Shackleford is Founder of Voodoo Security, a VMware vExpert, a faculty member at SANS Institute, and a security blogger.
Jérôme Segura is Lead Malware Intelligence Analyst at Malwarebytes and puts that knowledge to good use on Twitter, where he tweets on malvertising, exploit kits, tech support scams, and other prominent infosec issues.
Perhaps the most well-known person on this list, Eugene Kaspersky is the founder, chairman, and CEO of Moscow-based cyber security giant Kaspersky Labs. As one of the few non-US based persons on this list, Kaspersky offers a different take on the current geopolitical cybersecurity climate, so join his 146,000 followers and check it out.
Dave Whitelegg is a UK-based cyber information security expert, blogger, and security professional. Aside from boasting what must be one of the most sought-after usernames in infosec, Whitelegg is CISSP certified, with ISO27001 Lead & PCI ISA as well.
Richard Bejtlich is the chief security strategist at FireEye and the author of TaoSecurity, a popular blog that views digital security through the lens of military history and ‘strategic afterthought.’ Bejtlich’s tweets reflect this unique perspective, and while it may take some figuring out for those without history degrees, it’s a valuable perspective to consider.
Paul Asadoorian is the founder of Security Weekly, a popular series of podcasts and webcasts covering security-related topics. Asadoorian was formerly an instructor at the SANS Institute.
Infosec Taylor Swift
@SwiftOnSecurity, AKA InfoSec Taylor Swift, AKA SecuriTay, is everyone’s favorite infosec parody account. “Tay” mixes Swift’s public persona and lyrics with harsh InfoSec critique and sarcasm. This two-year-old Imgur post of “her” top posts in inspirational meme form is still required reading.