The top 25 #infosec and #appsec leaders to follow on Twitter

Jaikumar Vijayan Freelance writer

Staying on top of security is a big job, and Twitter can help. Here, in no particular order, is a list of 25 Twitter feeds that you'd do well to follow if you are a security specialist. Each person on the list is an accomplished hacker or researcher whose contributions to information security are helping make the Internet and software safer.

Bruce Schneier


Schneier is one of the foremost authorities on encryption in the country and a highly regarded expert on a range of security- and privacy-related topics. He is one of the creators of the Blowfish cipher algorithm, a fellow at Harvard Law School's Berkman Center for Internet & Society, and the author of several books on computer security and privacy.

Chris Wysopal


A former programmer at Lotus and later a security researcher at hacker collective L0pht, Wysopal was part of a team that warned Congress about gaping Internet vulnerabilities as far back as 1998. Wysopal helped found Veracode, an application security vendor of which he is currently the CTO. A self-professed application security and security-transparency buff, Wysopal's tweets are newsy and cover a wide range of security-related topics.

Jeremiah Grossman


Grossman is the founder and chief technology officer of WhiteHat Security and former information security officer at Yahoo. He is a founding member of the Web Application Security Consortium (WASC) and an expert on all things application security.

David Litchfield


Litchfield is not a particularly frequent tweeter, but he is worth following for his insight on database security issues. He has long been a thorn in Oracle's side with his seemingly never-ending vulnerability disclosures in the company's database and other technologies.

Oxblood Ruffin 3.0


A Canadian hacker and member of the Cult of the Dead Cow white-hat hacker group, Oxblood Ruffin is a prolific tweeter, whose sardonic, sometimes risqué takes on politics, religion, technology, and security are entertaining and informative.

Dan Kaminsky


Kaminsky is a security researcher and chief scientist at White Ops. He is best known for his work involving DNS cache poisoning. He is one of just seven people with the authority to restore the DNS root keys on the Internet in the event of an emergency. Kaminsky retweets as much as, or even more than, he tweets himself but is worth following all the same.

The Grugq


The Grugq is an independent security researcher whose takes on security and counterintelligence are followed by over 38,000 followers on Twitter. The Grugq is worth following for his ability to find and share some of the most relevant, important, and interesting tweets on security and related topics.

Dino A. Dai Zovi


Dai Zovi is well known for his work on mobile security, particularly involving the iOS and Mac OS X platforms. A frequent speaker at security confabs, he is the co-author of three books, including the iOS Hacker's Handbook and The Mac Hacker's Handbook. He is currently the mobile security lead at Square.

Mikko Hypponen


Hypponen is the chief research officer at Finland's F-Secure. With over 112,000 followers, Hypponen is among the more widely followed security researchers in the industry. His tweets on a wide range of security-related issues are newsy and personal.

Katie Moussouris


As the chief policy officer for HackerOne, Moussouris is well known for her work on vulnerability disclosure, response, and bug bounty programs. She is a former program manager at Microsoft, where she was involved in initiatives like the company's vulnerability research and bug bounty programs.

Brian Krebs


A former security reporter at The Washington Post, Krebs has won industry-wide recognition for his work in exposing some of the biggest data breaches ever, including the ones at Target and Home Depot. Krebs has written several books chronicling his extensive work investigating cyber-criminal gangs in Russia and elsewhere, and Sony Pictures is currently working on a movie about his work.

Eugene Kaspersky


Kaspersky is chairman and CEO of Moscow-based Kaspersky Labs. Over 144,000 people follow his tweets, which cover a wide range of security-related topics.

Graham Cluley


A former executive at Sophos, the UK-based Cluley is an independent blogger who specializes mostly in vulnerability- and breach-related topics. His blog has won several awards, including one from RSA for being among the most entertaining security blogs.

Anton Chuvakin


Chuvakin is vice president of research with Gartner's security and risk management practices team. He is a specialist in the areas of log management, security standards, and security information and event management. But his tweets touch upon a wide range of other, mostly security-related topics as well.

Dejan Kosutic


Based in Zagreb, Croatia, Kosutic is a specialist in information security standards and business continuity management. He is considered an expert resource on standards like the ISO 27001 and ISO 22301/BS 25999. Kosutic's tweets tend to focus mostly on his specialties, though he frequently touches on other topics as well.

Charlie Miller


Miller is best recognized for demonstrating, with fellow hacker Chris Valasek, how modern, connected cars can be hacked remotely. He is also well known for his exploits with Apple's OS X and iOS products. Miller, who used to be a global network exploitation expert at the National Security Agency, is currently an engineer at Uber.

Chris Valasek


Valasek, who along with hacking partner Charlie Miller was recently hired by Uber, is well known for his research on vulnerabilities in connected automobiles. He was the director of vehicle security research at IOActive Inc. prior to joining Uber.

Richard Bejtlich


Bejtlich is the chief security strategist at FireEye but is better known as the author of TaoSecurity, a blog that combines digital security with military history. The tweets of this former intelligence officer with the U.S. Air Force reflect his focus on thinking about security at a strategic level.

Jack Daniel


Daniel is a strategist at Tenable Network Security, but his real claim to fame is his work as a technology community activist. He is the co-founder of Security Bsides events and co-host of Security Weekly. His tweets reflect much of the curmudgeonly image that has come to be associated with Daniel over the years.

Paul Asadoorian


Asadoorian is the founder of Security Weekly, a popular resource for podcasts and webcasts on security-related topics. A former instructor at the SANS Institute, Asadoorian is currently a product strategist at Tenable Network Security.

Infosec Taylor Swift


Starting with tweets about the HeartBleed bug, Infosec Taylor Swift's commentary on information security has garnered the parody account over 100,000 followers on Twitter. For those who like their security news delivered with just the right touch of snark and irreverence, this is a must-follow.

Samy Kamkar


Kamkar first gained fame, or notoriety, depending on your point of view, as a 19-year-old, when he exploited a security flaw in MySpace that allowed him to gain 1 million friends in a 20-hour period. Banned from using computers for three years after that caper, Kamkar these days is regarded as a brilliant security researcher whose recent exploits include breaking into keyless-entry vehicles and hacking drones.

Joshua Corman


Dmitri Alperovitch


As the co-founder and chief technology officer at Crowdstrike, Alperovitch is best known for his exposé of Operation Shady RAT, a cybercrime operation involving devastating intrusions into dozens of US organizations by suspected Chinese cyber-criminals.
