Staying on top of security is a big job, and Twitter can help. Here, in no particular order, is a list of 25 Twitter feeds that you'd do well to follow if you are a security specialist. Each person on the list is an accomplished hacker or researcher whose contributions to information security are helping make the Internet and software safer.
Bruce Schneier
Schneier is one of the foremost authorities on encryption in the country and a highly regarded expert on a range of security- and privacy-related topics. He is one of the creators of the Blowfish cipher algorithm, a fellow at Harvard Law School's Berkman Center for Internet & Society, and the author of several books on computer security and privacy.
Chris Wysopal
A former programmer at Lotus and later a security researcher at hacker collective L0pht, Wysopal was part of a team that warned Congress about gaping Internet vulnerabilities as far back as 1998. Wysopal helped found Veracode, an application security vendor of which he is currently the CTO. A self-professed application security and security-transparency buff, Wysopal's tweets are newsy and cover a wide range of security-related topics.
Jeremiah Grossman
Grossman is the founder and chief technology officer of WhiteHat Security and former information security officer at Yahoo. He is a founding member of the Web Application Security Consortium (WASC) and an expert on all things application security.
David Litchfield
Litchfield is not a particularly frequent tweeter, but he is worth following for his insight on database security issues. He has long been a thorn in Oracle's side with his seemingly never-ending vulnerability disclosures in the company's database and other technologies.
Oxblood Ruffin 3.0
A Canadian hacker and member of the Cult of the Dead Cow white-hat hacker group, Oxblood Ruffin is a prolific tweeter, whose sardonic, sometimes risqué takes on politics, religion, technology, and security are entertaining and informative.
Dan Kaminsky
Kaminsky is a security researcher and chief scientist at White Ops. He is best known for his work involving DNS cache poisoning. He is one of just seven people with the authority to restore the DNS root keys on the Internet in the event of an emergency. Kaminsky retweets as much as, or even more than, he tweets himself but is worth following all the same.
The Grugq
The Grugq is an independent security researcher whose takes on security and counterintelligence are followed by over 38,000 people on Twitter. The Grugq is worth following for his ability to find and share some of the most relevant, important, and interesting tweets on security and related topics.
Dino A. Dai Zovi
Dai Zovi is well known for his work on mobile security, particularly involving the iOS and Mac OS X platforms. A frequent speaker at security confabs, he is the co-author of three books, including the iOS Hacker's Handbook and The Mac Hacker's Handbook. He is currently the mobile security lead at Square.
Mikko Hypponen
Hypponen is the chief research officer at Finland's F-Secure. With over 112,000 followers, Hypponen is among the more widely followed security researchers in the industry. His tweets on a wide range of security-related issues are newsy and personal.
Katie Moussouris
As the chief policy officer for HackerOne, Moussouris is well known for her work on vulnerability disclosure, response, and bug bounty programs. She was formerly a program manager at Microsoft, where she was involved in initiatives like the company's vulnerability research and bug bounty programs.
Brian Krebs
A former security reporter at The Washington Post, Krebs has won industry-wide recognition for his work in exposing some of the biggest data breaches ever, including the ones at Target and Home Depot. Krebs has written several books chronicling his extensive work investigating cyber-criminal gangs in Russia and elsewhere, and Sony Pictures is currently working on a movie about his work.
Eugene Kaspersky
Kaspersky is chairman and CEO of Moscow-based Kaspersky Lab. Over 144,000 people follow his tweets, which cover a wide range of security-related topics.
Graham Cluley
A former executive at Sophos, the UK-based Cluley is an independent blogger who specializes mostly in vulnerability- and breach-related topics. His blog has won several awards, including one from RSA for being among the most entertaining security blogs.
Anton Chuvakin
Chuvakin is vice president of research with Gartner's security and risk management practices team. He is a specialist in the areas of log management, security standards, and security information and event management. But his tweets touch upon a wide range of other, mostly security-related topics as well.
Dejan Kosutic
Based in Zagreb, Croatia, Kosutic is a specialist in information security standards and business continuity management. He is considered an expert resource on standards like the ISO 27001 and ISO 22301/BS 25999. Kosutic's tweets tend to focus mostly on his specialties, though he frequently touches on other topics as well.
Charlie Miller
Miller is best recognized for demonstrating, with fellow hacker Chris Valasek, how modern, connected cars can be hacked remotely. He is also well known for his exploits with Apple's OS X and iOS products. Miller, who used to be a global network exploitation expert at the National Security Agency, is currently an engineer at Uber.
Chris Valasek
Valasek, who along with hacking partner Charlie Miller was recently hired by Uber, is well known for his research on vulnerabilities in connected automobiles. He was the director of vehicle security research at IOActive Inc. prior to joining Uber.
Richard Bejtlich
Bejtlich is the chief security strategist at FireEye but is better known as the author of TaoSecurity, a blog that combines digital security with military history. The tweets of this former intelligence officer with the U.S. Air Force reflect his focus on thinking about security at a strategic level.
Jack Daniel
Daniel is a strategist at Tenable Network Security, but his real claim to fame is his work as a technology community activist. He is the co-founder of Security BSides events and co-host of Security Weekly. His tweets reflect much of the curmudgeonly image that has come to be associated with Daniel over the years.
Paul Asadoorian
Asadoorian is the founder of Security Weekly, a popular resource for podcasts and webcasts on security-related topics. A former instructor at the SANS Institute, Asadoorian is currently a product strategist at Tenable Network Security.
Infosec Taylor Swift
Starting with tweets about the Heartbleed bug, Infosec Taylor Swift's commentary on information security has garnered the parody account over 100,000 followers on Twitter. For those who like their security news delivered with just the right touch of snark and irreverence, this is a must-follow.
Samy Kamkar
Kamkar first gained fame, or notoriety, depending on your point of view, as a 19-year-old, when he exploited a security flaw in MySpace that allowed him to gain 1 million friends in a 20-hour period. Banned from using computers for three years after that caper, Kamkar these days is regarded as a brilliant security researcher whose recent exploits include breaking into keyless-entry vehicles and hacking drones.
Joshua Corman
Dmitri Alperovitch
As the co-founder and chief technology officer at CrowdStrike, Alperovitch is best known for his exposé of Operation Shady RAT, a cybercrime operation involving devastating intrusions into dozens of US organizations by suspected Chinese cyber-criminals.