The world of cybersecurity changes more frequently than most of us change our socks – and definitely more often than any of us change our passwords. One minute, state-sponsored attackers are compromising federal agency networks via Log4j and the next, hackers are using Google ads to distribute ransomware. If you’re not news-obsessed – and have an actual job to do – you may just miss something.
Thankfully, there are loads (truly loads) of cybersecurity influencers out there whose blogs, social media accounts, and podcasts filter the stuff you actually need to know about from the stuff you can safely skip so you can get back to work (or, more likely, get back to catching up with season 4 of Manifest). Some of these experts go deep into the inner workings of exploits and events, while others provide a more topical perspective. Whatever your preferred style, there’s probably something you can learn from each of them.
So in no particular order, here is our roundup of cybersecurity influencers to follow, as crowdsourced by our in-house experts. Note that as of late, some security professionals have intimated they may have plans to move away from their Twitter accounts to federated platforms like Mastodon due to “company restructuring”, but for now, most of them have remained and have promised to update their followers if they do indeed move.
Cybersecurity Blogs and Social Media Influencers
Graham Cluley – As one of the pioneers in AV software and security blogging, there are few who know the industry and all its idiosyncrasies like Cluley. Aside from being a seasoned analyst, he has written for numerous security vendors, including Sophos and Tripwire, and throughout his career has maintained his own daily, quippy, often humorous blog on cyber happenings.
Where to find him – https://grahamcluley.com/
Brian Krebs – A celebrated reporter at the WaPo by trade, Krebs got into security as he says “by accident”, after his home network was hacked in 2001. Since then, he has become one of the most venerated voices in the industry, pushing out heavily researched investigative pieces on a consistent basis. If details and journalistic rigor are what you’re into, he is your man.
Where to find him – https://krebsonsecurity.com/ , Twitter – @briankrebs
Katie Moussouris – Trailblazer Moussouris is the role model we all wish we’d known about in college. As one of the first females in security, she established the Microsoft bug bounty program, has built numerous successful security companies, has railed against gender-based injustices within the heavily male-dominated industry, and done so much more. She doesn’t have a blog, but you can follow her on Twitter to learn from her expansive knowledge.
Where to find her: Twitter – @k8em0
Pierluigi Paganini – Security analyst and evangelist Pierluigi Paganini’s blog, Security Affairs, was named a Top National Security Resource by the US and it’s not hard to understand why – with easy-to-read posts on everything from code exploits, to social engineering, to terrorism, and every other security topic imaginable, this is a fantastic source of knowledge.
Where to find him: https://securityaffairs.co/wordpress/ , Twitter – @securityaffairs
Bruce Schneier – One of the true security greats, Bruce Schneier is a fellow and lecturer at Harvard’s Kennedy School, a board member of EFF, and a prolific and influential author and cryptographer. His blog, Schneier on Security, is a great place to keep up with industry happenings, with a bit of the author’s musings interspersed.
Where to find him: https://www.schneier.com/ , Twitter – @schneierblog
Troy Hunt – Every list needs an Australian (because, oh, the accent) and Troy Hunt occupies that spot on this list. As Microsoft Regional Director and MVP, his blog Have I Been Pwned is a bit different from some of the other resources on this list, informing all those brave enough to enter their email of whether their data has been leaked somewhere on the dark web. His personal website and Twitter account are collections of musings and cybersecurity updates.
Where to find him: https://haveibeenpwned.com/ , Twitter – @troyhunt
Marcus J Carey – Prolific writer, security advocate, and army veteran, Carey has worked in IR, pen testing, and with federal agencies in different capacities. You can find him on Twitter, where he posts often on trending security topics.
Where to find him: Twitter – @marcusjcarey
Rachel Tobac – Going by the moniker of “friendly hacker”, Tobac is an ethical hacker and CEO of SocialProofSecurity. She spends her time training companies on how to avoid phishing and vishing (i.e., voice phishing) scams, showcasing the dangers of the human element. In her spare time, she is also the Chair of the Board for the nonprofit Women in Security and Privacy. Follow her on Twitter to read about her adventures in social engineering.
Where to find her: Twitter – @RachelTobac
Joseph Steinberg – A contributor to Newsweek and a Senior Policy Analyst for the Global Foundation for Cyber Studies and Research, as well as a million other just as cool distinctions, Steinberg knows his stuff. He regularly publishes his insights on current cyber events on his blog and Twitter.
Where to find him: https://josephsteinberg.com/ , Twitter – @JosephSteinberg
Teri Radichel – As the CEO of 2nd Sight Lab, Radichel is a frequent contributor on Medium, where she publishes regular blogs on trending cloud security topics. She is also a frequent contributor on LinkedIn and Twitter.
Where to find her – https://www.linkedin.com/in/teriradichel/, https://2ndsightlab.medium.com/
Just Keep on Learning
These are just a few of our favorites, but there are so many resources out there that there’s basically no excuse to ever put your brain on hold – ever. Got any to add to our list? We’d be happy to add your favorites here too.