RSA Conference: Top 25 #infosec leaders to follow on Twitter

One of the world’s largest and most influential security events, the RSA Conference (@RSAConference #RSAC), kicks off its 25th anniversary edition on February 29, and tracking the proceedings on Twitter will be a challenge. More than 30,000 attendees will likely create a tweet-storm of epic proportions once the doors open at the Moscone Center in San Francisco and the hundreds of keynotes, panels, track sessions, seminars, tutorials, and other activities get under way at the five-day conference.

To help you fine-tune your Twitter feed so that it catches more signal than noise, we list here, in no particular order, 25 RSA Conference speakers with good tweeting skills and Twitter accounts worth following (plus the official conference Twitter account, of course).


1. Bruce Schneier

Bruce Schneier is a world-renowned authority on security who has written 13 books and hundreds of articles, essays, and academic papers. He is currently the CTO at Resilient Systems, a fellow at Harvard's Berkman Center for Internet and Society, and a board member of the Electronic Frontier Foundation (EFF). He has been writing about security on his blog since 2004 and has published a monthly newsletter since 1998.

2. Jeremiah Grossman

Jeremiah Grossman, founder of WhiteHat Security, is a web application security expert whose writings have appeared in major publications such as The Wall Street Journal, Forbes, and The New York Times, and who regularly speaks around the world at events such as TED, BlackHat, RSA, and SANS. He has been a guest lecturer at top universities such as UC Berkeley, Stanford, Harvard, and UCLA. He co-founded the Web Application Security Consortium (WASC).

3. Brian Krebs

Investigative journalist Brian Krebs provides such insightful and hard-hitting reporting on security that he sometimes becomes the story when disgruntled malicious hackers go after him, most recently with a cyber-plot to frame him for heroin possession. Krebs covered computer security for The Washington Post from 1995 until 2009, his Spam Nation book was a New York Times bestseller, and his Krebs On Security blog is a must-read in the industry.

4. Mark Russinovich

Mark Russinovich, CTO of Microsoft's Azure cloud computing platform, isn't just a high-profile techie; he's also a novelist, having penned three novels — Rough Code, Zero Day, and Trojan Horse — whose central character is a cybersecurity expert called Jeff Aiken. Russinovich, who has a Ph.D. in computer engineering from Carnegie Mellon University, has also written books and articles about Microsoft products, including Windows, and regularly speaks at major industry conferences such as TechEd, BlackHat, and RSA.

5. Matthew Green

Cryptography expert Matthew Green is an assistant professor at the Johns Hopkins Information Security Institute who has designed and analyzed cryptographic systems used in wireless networks, payment systems, and digital content protection platforms. His research focuses on the ways cryptography can be used to promote user privacy. His blog is called A Few Thoughts on Cryptographic Engineering.

6. Chris Wysopal

Along with six other members of the L0pht hacker think tank, Chris Wysopal famously prophesied during a congressional hearing the mess that was going to befall individuals and businesses as the use of the web began to explode in the late 1990s, due to grossly flawed and insecure software, hardware, and networking products. In 2006, he co-founded application security company Veracode, where he oversees technology strategy and information security as CTO and CISO.

7. Jez Humble

Jez Humble is a global thought leader on modern app dev, including DevOps, continuous delivery, agile, and lean. Continuous Delivery: Reliable Software Releases through Build, Test, and Deployment Automation, which Humble co-authored with David Farley, is considered the reference book for continuous delivery. Humble is currently deputy director of Delivery Architecture and Infrastructure Services at the U.S. government's General Services Administration. He dabbles in security and will be talking about "What We Learned from Three Years Sciencing the Crap Out of DevOps" at RSA Conference 2016. The talk is part of a track on rugged DevOps, and partly a discussion of building security automation into the software supply chain.

8. Trevor Hughes

Trevor Hughes, an attorney, is president and CEO of the International Association of Privacy Professionals (IAPP). An adjunct professor of law at the University of Maine School of Law, Hughes speaks frequently about privacy, surveillance, spam, and related issues and has testified before the U.S. House Commerce Committee, the Senate Commerce Committee, the Federal Trade Commission, the Home Affairs Committee of the British Parliament, and the EU Parliament.

9. Chris Romeo

Chris Romeo is CEO and founder of Security Journey. Romeo previously worked at Cisco as Chief Security Advocate, in charge of Cisco’s Secure Development Lifecycle (CSDL), working with engineers to ensure security is built into all Cisco products. At Cisco, he also headed its internal application security awareness program launched in 2012. Romeo has 20 years of experience in security and his areas of expertise include application security, penetration testing, and incident response. He blogs at Security Journal, where he disclosed that the most useful class he took in high school was Typing and addressed the topic of how to do Agile without compromising security.

10. Dave Shackleford

Dave Shackleford is lead faculty at IANS (the Institute for Applied Network Security) and founder of Voodoo Security, an information security consulting firm focused on security assessments, risk and compliance analysis, and virtualization security. He is also a SANS Institute analyst, instructor, and course author, a board member of the SANS Technology Institute, and author of the book Virtualization Security: Protecting Virtualized Environments. He specializes in security architecture and operations, vulnerability management and pen testing, virtualization and cloud security, configuration management, and network security and intrusion analysis.

11. Joshua Corman

Joshua Corman is the CTO of app dev security company Sonatype and the co-founder of Rugged Software and IamTheCavalry, two groups that foster the creation of secure computer technologies. Prior to joining Sonatype, Corman worked as a security researcher and executive at Akamai Technologies, The 451 Group, and IBM Internet Security Systems. He's also adjunct faculty for Carnegie Mellon’s Heinz College and IANS Research, and a fellow at the Ponemon Institute.

12. Johannes Ullrich

Johannes Ullrich, dean of research at the SANS Institute, is in charge of the SANS Internet Storm Center (ISC), whose data collection engine — DShield.org — he founded in 2000. He has a Ph.D. in physics from SUNY Albany and teaches courses on web application security, intrusion detection, IPv6, and other topics.

13. Lenny Zeltser

In his role as product management director at NCR Corp., Lenny Zeltser leads the software and services group in charge of customers' data protection needs. He also teaches digital forensics and malware combat at the SANS Institute. He has co-authored books on network security and malicious software and writes about a broad spectrum of security topics in his blog. He holds an MBA degree from MIT and a computer science degree from the University of Pennsylvania.

14. J. Trent Adams

J. Trent Adams is director of information security at PayPal, where he manages the Ecosystem Security team, focusing on email security, online privacy, identity, and governance. He has been active on several technical standards initiatives, including as chair of DMARC.org, chair of the FIDO Privacy Working Group, and Leadership Council chair of the Kantara Initiative. He also earned three Super Bowl rings while working for the New England Patriots and appeared as an extra in Star Wars: The Force Awakens.

15. Julie Brill

Julie Brill has been commissioner at the U.S. Federal Trade Commission since 2010, where she has distinguished herself for her work on consumer protection in areas such as privacy, financial fraud, and deceptive advertising. AdWeek called her a "hawk" on data privacy, saying she's "a relentless and vocal advocate for more consumer privacy practices," and the International Association of Privacy Professionals (IAPP) named her Privacy Leader of the Year in 2014.

16. Konstantinos Karagiannis

As chief technology officer for security consulting in BT Americas, Konstantinos Karagiannis, an expert in financial application hacking and network penetration, is in charge of the technical direction of ethical hacking and security engagements. He is BT's lead evangelist for security topics and has spoken at many tech conferences, including Black Hat.

17. Jim Jaeger

Jim Jaeger is chief cybersecurity strategist at Fidelis Cybersecurity, where he is in charge of the company's security services strategy and business. With more than 25 years of experience in the cybersecurity industry, Jaeger previously held leadership positions at the NSA, the Air Force, and General Dynamics, where he was in charge of teams providing services to large government agencies like the U.S. Department of Defense and to major private-sector companies. His areas of expertise include forensic investigations, network incident response operations, network security monitoring and engineering, and assisting with the pursuit and prosecution of cybercriminals.

18. Rick Howard

As chief security officer at Palo Alto Networks, Rick Howard is responsible for overseeing the company’s internal security program, leading its Threat Intelligence Team (Unit 42), and directing the company’s efforts on the Cyber Threat Alliance Information Sharing Group. Previously, he was the CISO at TASC Inc., general manager of Verisign's iDefense, and commander of the U.S. Army’s Computer Emergency Response Team. He's the executive editor of the books Cyber Fraud: Tactics, Techniques and Procedures and Cyber Security Essentials. He curates a list, the "Cybersecurity Canon," of books he deems must-reads for cybersecurity pros.

19. Neil MacDonald

Neil MacDonald is a vice president, distinguished analyst, and fellow emeritus at Gartner, where he focuses on the security of next-generation virtualized and cloud-based computing environments. Topics he covers include endpoint protection, virtualization security, application security, protection of cloud-based workloads, and protection from advanced targeted attacks using context-aware security and big data analytics.

20. Rick Holland

Rick Holland, until recently a Forrester Research analyst covering security architecture, operations, and data privacy, is now vice president of strategy at security company Digital Shadows. Holland served as an intelligence analyst in the U.S. Army and co-chairs the SANS Cyber Threat Intelligence Summit.

21. Kurt Baumgartner

Kurt Baumgartner is a principal security researcher with Kaspersky Lab's Global Research & Analysis Team, where he monitors malware across the Americas. Before joining Kaspersky, Baumgartner worked at Symantec as a vice president of Behavioral Threat Research. His specialties include reversing and analyzing known and unknown malware and identifying unique behaviors and static characteristics. He blogs at https://securelist.com/author/kurtb/.

22. George Kurtz

George Kurtz, CEO and co-founder of big data security company CrowdStrike and McAfee's former CTO, co-authored the popular book Hacking Exposed: Network Security Secrets & Solutions and is a well-known security expert, speaker, and entrepreneur with more than 23 years of experience in the security industry. 

23. Jason Healey

Jason Healey, a former White House director of Infrastructure Protection in the Obama administration, specializes in cyber risk, cyber conflict, crisis management, homeland security, and business continuity. He's currently a senior fellow of the Cyber Statecraft Initiative of the Atlantic Council and a senior research scholar at Columbia University's School of International and Public Affairs. He's the editor of the book A Fierce Domain: Conflict in Cyberspace, 1986 to 2012 and has been a lecturer in cyber policy at Georgetown University and Johns Hopkins University. While in the U.S. Air Force, he earned two Meritorious Service Medals for his work in cyber operations.

24. Michael Kaiser

Since 2008, Michael Kaiser has been executive director of the National Cyber Security Alliance, where he's in charge of promoting Internet security and privacy via public education and outreach efforts aimed at businesses, schools, governments, families, individuals, and nonprofit organizations. His expertise areas include cybersecurity education and awareness, cybersecurity in K-20 education and in business, development of digital communities and coalitions, and public-private partnerships.

25. Rob Graham

Robert Graham is a well-known security researcher who blogs frequently on cybersecurity and cyber-rights issues. He is known for having created BlackICE, sidejacking and masscan. He, and others using his tools, regularly scan the entire Internet, so you’ll see his name in your server logs.

Anyone missing from this list?

Who would you add to this list? Are there other security experts and leaders that we should include in this list? Add your comments below.
