Micro Focus is now part of OpenText. Learn more >

You are here

You are here

The top 25 #infosec leaders to follow on Twitter

John P. Mello Jr. Freelance writer

Staying on top of security is a big job, and Twitter can help. Listed here, in alphabetical order, are 25 researchers, hackers, and gurus whose Twitter feeds will keep any security specialist well informed on the latest developments and thinking in the industry.

Dmitri Alperovitch


Alperovitch is co-founder and chief technology officer at CrowdStrike, as well as a senior fellow at the Harvard Belfer Center and at the Atlantic Council. While vice president of threat research at McAfee, he discovered Operation Shady RAT, a wave of cyber attacks believed to be launched by the People's Republic of China on more than 70 organizations around the world.

Paul Asadoorian


Asadoorian is founder and CEO of Security Weekly and Offensive Countermeasures. Most of his tweets promote the podcasts and webcasts of Security Weekly, where he produces content for a network of shows about information security, including "Paul's Security Weekly," "Enterprise Security Weekly," and "Hack Naked News."

Richard Bejtlich


Bejtlich is Senior Director of SplunkCIRT. He was recently strategist at TaoSecurity, where he tried to help members of the digital security ecosystem make better decisions. The TaoSecurity blog of this former intelligence officer with the US Air Force combines digital security with military history. His tweets focus on thinking about security at a strategic level.

Anton Chuvakin


Chuvakin is a research vice president and distinguished analyst at Gartner. His disciplines include computer forensics, intrusion detection, security information and event management, security correlation, log management, security standards, incident response, Unix and Linux security, honeypots, honeynets, and security policy and management.

Graham Cluley


A former executive at Sophos, the UK-based Cluley is co-host of the @SmashinSecurity podcast and an independent blogger who specializes in vulnerability and data breach topics. His blog has won several awards, including one from RSA for being among the most entertaining security blogs.

Jack Daniel


Daniel is a strategist at Tenable Network Security, but his real claim to fame is his work as a technology community activist. He is the co-founder of Security BSides events and co-host of Security Weekly's podcasts. Daniel's tweets reflect much of the curmudgeonly image that has come to be associated with him over the years.

Dan Goodin


Goodin, an old Associated Press hand, is security editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, and hardware hacking. His tweets highlight his work at Ars Technica and cover a variety of contemporary security topics.

Matthew Green


Green teaches cryptography at the Johns Hopkins Information Security Institute. His specialties include applied cryptography, privacy-enhanced storage systems, and anonymous crypto-currencies. His tweets primarily focus on crypto, with a smattering of other security topics.

The Grugq


The Grugq is an independent security researcher whose takes on security and counterintelligence are followed by over 92,000 people on Twitter. The Grugq is worth reading for his ability to find and share some of the most relevant, important, and interesting tweets on security and related topics.

Trevor Hughes


Hughes is president and CEO of the International Association of Privacy Professionals and an adjunct professor of law at the University of Maine School of Law. Privacy and data protection are hot topics and will get even hotter now that Europe's General Data Protection Regulation (GDPR) has taken effect. This makes Hughes' tweets on privacy a must-read on Twitter.

Troy Hunt


Hunt is a Sydney-based software architect, web security specialist, and Microsoft MVP for seven years running. He is the curator of haveibeenpwned.com, a site that allows anyone to check to see if their email or username has been compromised in major breaches.

Mikko Hypponen


Hypponen is the chief research officer at Finland's F-Secure. With over 181,000 followers, Hypponen is among the more widely followed security researchers in the industry. His tweets on a wide range of security-related issues are newsy and personal.

Dan Kaminsky


Kaminsky is chief scientist at White Ops, a firm that combats malicious bots on the 'net. He is best known for his work involving DNS cache poisoning. He is one of just seven people with the authority to restore the DNS root keys on the Internet in the event of an emergency. Kaminsky retweets as much as, or even more than, he tweets himself—but is worth following all the same.

Samy Kamkar


Kamkar first gained fame, or notoriety, depending on your point of view, as a 19-year-old. That's when he exploited a security flaw in MySpace that allowed him to gain 1 million friends in a 20-hour period. Banned from using computers for three years after that caper, Kamkar these days is regarded as a brilliant security researcher whose recent exploits include breaking into keyless-entry vehicles and hacking drones.

Eugene Kaspersky


Kaspersky is chairman and CEO of Moscow-based Kaspersky Lab. Over 179,000 people follow his tweets, which cover a wide range of security-related topics, including cybercrime and data breaches.

Dejan Kosutic


Based in Zagreb, Croatia, Kosutic is a specialist in information security standards and business continuity management. He is considered an expert resource on standards like the ISO 27001 and ISO 22301/BS 25999. Kosutic's tweets tend to focus mostly on his specialties, though he frequently touches on other topics as well.

Brian Krebs


A former security reporter at The Washington Post, Krebs has won industry-wide recognition for his work in exposing some of the biggest data breaches ever, including the ones at Target and Home Depot. Krebs has also written several books chronicling his extensive work investigating cyber criminal gangs in Russia and elsewhere.

Daniel Miessler


Miessler is director of advisory services at IOActive, but is widely known for his weekly Unsupervised Learning podcast and newsletter, which compiles the week's most interesting stories in security, technology, and humans. He tweets about a variety of infosec topics, including the IoT, authentication, and asset management.

Charlie Miller


Miller is the principal architect for autonomous-vehicle security at Cruise Automation, a job he earned by gaining notoriety, along with fellow hacker Chris Valasek, for hacking connected motor vehicles. His career has included a five-year stint at the NSA and work on the security teams at Twitter and Uber ATC. He's also well-known in the OS X and iOS communities, especially for remotely compromising an iPhone by sending it a malicious text message.

Rich Mogull


Mogull is security editor at TidBITS and founder and vice president of product at DisruptOPS. The firm's platform gives teams automated and continuous control of cloud infrastructure so they can move faster into the nimbus while strengthening security controls. Many of his tweets focus on cloud security.

Pierluigi Paganini


Paganini is member of the European Union's Agency for Network and Information Security Threat Landscape Stakeholder Group, and the Cyber G7 Workgroup of the Italian Ministry of Foreign Affairs and International Cooperation. His Security Affairs blog was chosen as best European personal security blog in 2016 by Info Security magazine. Most of his tweets refer to his blog writings.

Kevin Poulsen


Poulsen is a reporter for The Daily Beast and author of Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground. In the 1990s, though, he was known as the blackhat hacker who manipulated the phone company's computers to win radio station contests. Many of his tweets focus on cybercrime and hacking.

Oxblood Ruffin 3.0


A Canadian hacker and member of the Cult of the Dead Cow whitehat hacker group, Oxblood Ruffin is a prolific tweeter, whose sardonic, sometimes risqué takes on politics, religion, technology, and security are entertaining and informative.

Bruce Schneier


Schneier is chief technology officer of IBM Resilient, a fellow at Harvard's Berkman Klein Center, and a board member of the Electronic Frontier Foundation (EFF). He is one of the foremost authorities on encryption in the country and is a highly regarded expert on a range of security and privacy topics. He is one of the creators of the Blowfish cipher algorithm and the author of several books on computer security and privacy. Many of his tweets tease items from his "Schneier on Security" blog.



SwiftOnSecurity likes to make stupid jokes, talk systems security, write science fiction, and use Oxford commas. That's proved to be a popular combination of interests, as it has garnered the parody account more than 225,000 followers on Twitter. For those who like their security news delivered with just the right touch of snark and irreverence, this is a must-follow.

Keep learning

Read more articles about: SecurityInformation Security