While researching our 119 InfoSec Experts You Should Follow on Twitter, Reciprocity noticed that while women make up a large segment of the information security population, they are generally underrepresented in media discussions. With that in mind, welcome to Wednesday’s Women, a new, ongoing series that will profile one woman in information security each month to raise awareness of the women in information security who are working to keep businesses and the internet safe. This month’s profile is Magen Wu.
Currently a senior consultant at Rapid7, Ms. Wu has worked in IT since 2008. Her experience includes working at Protiviti as well as being a test engineer at Xversity. She is PCI QSA certified, holds three degrees from St. Petersburg College and a Master’s Degree from Southern New Hampshire University.
If you had to choose one event that led you to work in information security, what would it be and why?
The day that I found out that I faint at the sight of blood (about 13 or 14). I was going to study to be a forensic psychologist, but then found out that really important piece of information. Computers had always been a hobby for me and I volunteered at the veteran’s hospital where my dad worked (IT department). A few weeks after that incident, they had a major incident that took down the entire network. I got to see how he and his coworkers worked to respond to that incident and was really curious about what had caused it. I think that was what finally did it for me.
Why do you like working in the information security environment?
I love that there is always something new to learn about information security from someone. The team that I’m on now at Rapid7 is a great example of that as I get to work closely with some really smart people who I am constantly learning from.
If a n00b to the infosec world asked you for a piece of advice, what would it be?
Talk to people. Whether you’re standing in line for reg at a con, sitting in a DEF CON village, or just sitting next to someone at the hotel bar, just try and talk with the person next to you. It’s going to be awkward and not every interaction will lead to something, but you never know what you can learn from someone else unless you try and reach out. Semi-related would be to participate in mentorship programs. Jimmy Vo and Keith Hoodlet are breathing life into the InfoSec Mentors program and several cons are starting up programs that pair new speakers with well-seasoned ones.
What is the most important issue facing professionals in the information security landscape today? Why?
I think that the most important issue for information security professionals would be how the rest of the organization views us. Time and again it is said that the human element is the hardest to secure, but we aren’t exactly making our lives easier from that aspect. Information security teams are often somewhat isolated from the other departments they’re supposed to be working with — and viewed by colleagues as a task force that’s out to get them for one thing or another. This is something that the community is actively trying to figure out, but there’s a ways to go. For example, Katie Ledoux on the Rapid7 infosec team gave a presentation at this year’s BSides San Francisco on this exact issue and how infosec pros can better integrate within their organizations – more effective communication and increased visibility were the two big takeaways. I think that we could make huge strides in user awareness and how quickly incidents are reported if we change this big brother image we have. Additionally, the language we use when we’re talking to or about users (usually derisive) needs to change. We are supposed to be here to protect the business — our users are a part of that. They can tell when someone projects animosity toward them. If you’re projecting animosity, it will be met with animosity in turn, and nothing improves. Users just go around your back to get things done instead.
What is the most important issue facing consumers in the information security landscape today? Why?
I think that it would have to be information overload. Consumers are inundated with so much data—logs, alerts, emails, blog posts, etc. — that it can be hard for them to know what needs to be acted on and what is safe to ignore or put aside. People have a finite amount of resources–both from a hiring/cost standpoint, but also psychologically. We as security professionals need to find ways to help consumers pare down data to what is actually important to them so that they can make sound decisions and act in a timely manner.
What are your three “guilty pleasures” that have nothing to do with information security?
Styx – I love them and have seen them live like 4 or 5 times
Taking way too many food pics on my Instagram
I have an “Emergency Happy” Spotify playlist I listen to every morning with stuff from Chaka Khan to James Brown to Duran Duran to RuPaul to who knows what else.
Star Wars, Star Trek, or “Umm, no. Just no”?
Babylon 5
119 InfoSec Experts You Should Follow On Twitter Right Now
Staying on top of trends and news should be easy in the information age but still proves difficult. Seeking out the best resources for information and the most trusted voices can seem overwhelming when social media outlets like Twitter make it easy for anyone to comment on topics or share links. Below are 119 Twitter accounts that you should be following in order to be ahead of the IT curve.
Many currently existing lists either include very few women or create separate lists of women. According to the Women’s Society of Cyberjutsu, women make up 50% of the general workforce and 25% of the computing workforce but only 11% of the information security workforce. Our list includes 29 women as well as 1 women’s organization.
There are definitely many other influential InfoSec experts that are worthy of following on Twitter. But we wanted to make sure to highlight this group because we felt they had a lot of relevant expertise in InfoSec and they shared great content. If you have someone that you’d like to show some love to and recommend, please let us know in the comments and we will consider that person for one of our next lists.
The IT Industry Experts
Juliette Kayyem – @juliettekayyem
Ms. Kayyem’s list of accomplishments is staggering. She is the founder of Juliette Kayyem Solutions, LLC, one of a limited number of female-owned security companies. She is the Belfer Lecturer in International Security at Harvard Kennedy School. From 2009 – 2010, she was the Assistant Secretary for Intergovernmental Affairs with the US Department of Homeland Security. Moreover, she has been a trial attorney and written a book, Security Mom: An Unclassified Guide to Protecting Our Homeland and Your Home. Ms. Kayyem’s Twitter account focuses on the intersection of government and information security.
Katie Moussouris – @k8em0
Ms. Moussouris helped the US Department of Defense start its first bug bounty program. She is also a subject matter expert for the US National Body of the International Organization for Standardization (ISO) on vulnerability disclosure (ISO 29147). Ms. Moussouris’s Twitter account is a collection of personal infosec experiences and informational shares.
Wendy Nather – @wendynather
Although Ms. Nather’s most recent position is as the principal security strategist at Duo Security, she has been working in IT since 1987. She spent 12 years in the financial services industry and 5 years in state government. She specializes in security program management, threat intelligence, risk analysis, identity and access management, security operations and incident response, application security, and security services. Ms. Nather’s Twitter account is a fun intersection of IT, infosec, and memes.
Richard Bejtlich – @taosecurity
Mr. Bejtlich is chief security strategist at FireEye, and was Mandiant’s Chief Security Officer when FireEye acquired Mandiant in 2013. He is a nonresident senior fellow at the Brookings Institution and an advisor to security start-ups. He was previously director of incident response for General Electric, where he built and led the 40-member GE Computer Incident Response Team (GE-CIRT). Richard began his digital security career as a military intelligence officer in 1997 at the Air Force Computer Emergency Response Team (AFCERT), Air Force Information Warfare Center (AFIWC), and Air Intelligence Agency (AIA). Mr. Bejtlich is a graduate of Harvard University and the United States Air Force Academy. His fourth book is “The Practice of Network Security Monitoring” (nostarch.com/nsm). Mr. Bejtlich’s Twitter account includes insightful comments on published articles as well as links to his own writing.
Anton A. Chuvakin – @anton_chuvakin
Currently a research vice president at Gartner, Inc., Mr. Chuvakin has 16 years’ experience in the information security industry. He is an expert in SIEM, log management, and PCI DSS compliance and holds a PhD in physics. Mr. Chuvakin’s Twitter account focuses on cyber crime and security issues.
Brian Krebs – @briankrebs
A former reporter for the Washington Post, Mr. Krebs won a PROSE Award in 2015 for his book Spam Nation. In addition to that award, he has won twelve other awards for his IT security blog www.krebsonsecurity.com. Mr. Krebs’s Twitter account discusses current InfoSec issues and the ongoing impact of security weaknesses.
Robert M. Lee – @RobertMLee
Named EnergySec’s 2015 Cyber Security Professional of the Year and one of Forbes’s “30 Under 30,” Mr. Lee earns a place as the youngest of the IT Experts. He served as a Cyber Warfare Operations Officer in the U.S. Air Force and writes for Control Engineering and The Christian Science Monitor’s Passcode. While pursuing his PhD at King’s College London, he continues to create a weekly technology and security comic with Jeff Haas called Little Bobby. Mr. Lee’s Twitter account gives insight into the infosec world and shares information that can help educate both experts and non-experts.
Joshua Corman – @joshcorman
Currently leading the Cyber Statecraft Initiative, Mr. Corman examines the overlap of national security, international relations, and public safety while trying to find ways to solve the problems of cyberspace. His previous work includes chief technology officer at Sonatype, director of security intelligence at Akamai Technologies, research director at The 451 Group, and principal security strategist at IBM. Mr. Corman’s Twitter account follows his speaking engagements, comments on current InfoSec issues, and includes a little humor.
Jeremiah Grossman – @jeremiahg
Founder of WhiteHat Security and currently chief of security strategy for SentinelOne, Mr. Grossman has been in the IT world since 1998. With his intense background, he has been featured by the Wall Street Journal, Forbes, and The New York Times as well as many other publications. Mr. Grossman’s Twitter account includes everything from jiu-jitsu to hacking video games and brings a career’s worth of experience to every 140 character post.
Jason Healey – @Jason_Healey
Currently a Senior Research Scholar in Cyber Conflict Studies at Columbia University, Mr. Healey’s resume stretches back to 1997 and his time working at the Pentagon. His publication credentials include news articles in The Atlantic as well as U.S. News and World Report. In addition, he has published two longer works, A Fierce Domain: Conflict in Cyberspace, 1986 to Today (2013) and Cyber Security Policy Guidebook (2012). Mr. Healey’s Twitter account is active with musings and commentary on shared items.
Andrew Jaquith – @arj
Although currently working in finance, Mr. Jaquith’s IT employment history places him as one of the top experts in the field. With a career stretching back to the late 1980s, Mr. Jaquith has proven himself to be one of the rare crossover experts who is equally successful wearing technological and business hats. Mr. Jaquith’s Twitter account focuses on general interest news as well as information security and is less active than some other accounts.
Dan Kaminsky – @dakami
Mr. Kaminsky may best be known for his work in finding a “skeleton key” in the Internet’s domain name system and is currently one of seven recovery key shareholders who can restore the power of the internet’s root DNS keys. Currently acting as the chief scientist at WhiteOps, Mr. Kaminsky’s Twitter account is active with current events and coder tips.
John Kindervag – @Kindervag
As the vice president and principal analyst serving security & risk professionals at Forrester, Mr. Kindervag brings his 25 years of experience to his writing and his work. Best known for creating the “Zero Trust” model of information security, he has presented extensively at security conferences and been interviewed by top news outlets such as The Wall Street Journal, The New York Times, Forbes, CNBC, PBS, and Bloomberg. Mr. Kindervag’s Twitter account shares stories about science, sports, hacking, and humor.
Troels Oerting – @TroelsOerting
Since 2012, Mr. Oerting has been the acting head of Europol’s Counter Terrorist and Financial Intelligence Centre and head of the European Cybercrime Centre. He is a member of the Board of Directors for the Global Cyber Alliance and an Expert Member of Interpol’s Global Cybercrime Expert Group. In addition, he is the group chief information security officer for Barclays. Mr. Oerting’s Twitter account aggregates industry news from a variety of mainstream and non-mainstream websites with an international focus.
Bruce Schneier – @schneierblog
A legend in the field of computer security, Mr. Schneier needs no introduction. He has written several books on cryptology and information security. Some of his books were specific to cryptographers while his four later books were easily accessible to a broader audience. His blog Schneier on Security has been published since 2004 and he’s currently the chief technology officer of Resilient. Mr. Schneier’s Twitter account is an autofeed of his blog but worthwhile for its links to the articles.
Richard Stiennon – @stiennon
Mr. Stiennon has been a fixture in the IT community since the mid-1990s. He founded RustNet in 1994, one of the first ISPs in the Midwest. As the chief research analyst at IT-Harvest, he researched and reported on 1,451 IT security vendors. He has written three books: Surviving Cyberwar, UP and to the RIGHT, and There Will Be Cyberwar. Mr. Stiennon’s Twitter account is an excellent cross section of well-curated material affecting information security.
The IT Executives & Software Engineers
Ann Barron-DiCamillo – @annie_bdc
Prior to earning her Master of Science in Computer and Information Sciences, Ms. Barron-DiCamillo was a legislative aide as well as an application developer at The Motley Fool. Since then, she has distinguished herself through work in the public and private sectors. Most recently she served as Director of US-CERT at the Department of Homeland Security, where she led efforts to respond to incidents and analyze threats. She is currently an advisor to the cyber security medical advisory board at St. Jude Medical and vice president of cyber threat intelligence and incident response at American Express. Ms. Barron-DiCamillo’s Twitter account is a good mixture of information security issues that affect or are affected by public and private issues.
Lesley Carhart – @hacks4pancakes
During her 5 years as a non-commissioned officer in charge of cyber transport for the US Air Force Reserve, Ms. Carhart also worked as security incident response team lead for Motorola. She specializes in digital forensics, with a background in tactical communications, radio, and Cisco networking. Ms. Carhart’s Twitter account shares observations as well as information from both mainstream and non-mainstream media.
Emili Evripidou – @Emil_i
Currently working for the Cooperative Central Bank in Cyprus, Ms. Evripidou previously worked as an information security manager at Deloitte. She has also worked at Ernst & Young as well as Accenture. While at Ernst & Young and Accenture, her specialties included banking and securities, insurance, and oil and gas. Ms. Evripidou’s Twitter account focuses on the economic and business side of information security.
Cecily Joseph – @CecilyJosephCR
Serving as Symantec’s vice president of corporate responsibility, Ms. Joseph has a law degree and 20 years of experience building programs in ethics and compliance. She served as an expert in residence and executive faculty at Presidio Graduate School from 2012-2013 and worked at Veritas Software Corporation from 1992 through 2005. Ms. Joseph’s Twitter account focuses on diversity and environmental issues impacting the technology world.
Kelly Lum – @aloria
Possibly one of the geekiest women on the list, Ms. Lum is currently a Security Engineer at Tumblr, the land of memes and fandoms. Her employment history includes work in fintech as well as military information security. She is also currently an adjunct professor at NYU Polytechnic School of Engineering, teaching graduate programs. Ms. Lum’s Twitter account mixes personal, political, and professional tweets while keeping her posts light and fun.
Window Snyder – @window
Having spent 5 years at Apple working on iOS and OS X security, Ms. Snyder worked at Mozilla as a “Chief Security Something-or-Other.” Her current role is as chief security officer at Fastly. She also co-authored Threat Modeling, a manual for security architecture analysis software. Ms. Snyder’s Twitter account is selective in sharing and always interesting.
Parisa Tabriz – @laparisa
Calling herself the “Princess of Security,” Ms. Tabriz is currently the director of engineering at Google. She started as a security intern with Google in 2006 and has worked there for most of her career. She spent 2 years working at the United States Digital Service where she advised the Executive Office of the President on enhancing network security and helped assess the OCS project. Ms. Tabriz’s Twitter account shares articles that are relevant to the infosec community as well as Tweets she finds interesting.
Sandra Toms – @sandra001
Since 1998, Ms. Toms has been the VP and curator of the RSA Conference. After earning her juris doctorate and passing the bar exam, she went on to work at a law firm, then moved on to Novell, Madge Networks, and Nortel Networks. Ms. Toms’s Twitter account focuses on information relevant to the RSA Conference.
Tony Arcieri – @bascule
In November 2016, Mr. Arcieri moved from Square to become a Software Engineer at Chain, an infrastructure tech company with a focus on financial asset transactions on permissioned blockchain networks. He previously worked as a software engineer for LivingSocial, Strobe, Inc., and Nagravision. Mr. Arcieri’s Twitter account shares insightful articles not just from mainstream infosec websites but also from bloggers that might not be found through traditional reading.
Caleb Barlow – @calebbarlow
As the vice president at IBM Security, Mr. Barlow is a leading voice in IBM’s new security headquarters and in completing the overhaul of the operations watch floor. He is an advisory board member for the United Nations Population Fund, a global social media campaign to spread awareness of population growth. Mr. Barlow’s Twitter account is an example of his appreciation for and use of social media.
Michael Coates – @_mwc
As the chief information security officer at Twitter, Mr. Coates is definitely a Twitter account to follow. In addition, he is the former chairman and current member of the global board of directors for OWASP. He is also one of the brains behind making Mozilla Firefox one of the most secure web browsers, having led the security assurance program from 2010-2013. Mr. Coates’ Twitter account is a destination for reading responses on Twitter from other InfoSec professionals who share experiences and ideas.
Cesar Cerrudo – @cesarcer
When IOActive Labs acquired Argeniss Consulting, Mr. Cerrudo followed the company he had founded. As CTO for IOActive Labs, he acts as the main liaison between IOActive and CERT. He leads cutting edge research on Industrial Control Systems/SCADA, Smart Cities, the Internet of Things and software and mobile device security. Mr. Cerrudo’s Twitter account focuses on his insights on the InfoSec issues facing the IT community as well as sharing content.
E.J. Hilbert – @ejhilbert
Currently the director of cyber security and privacy at PwC, Mr. Hilbert’s experience includes working with the FBI as well as being the director of security enforcement for MySpace.com. He led one of the FBI’s largest cyber-crime investigations and serves as an online undercover agent using social media sites and chatrooms. Mr. Hilbert’s Twitter account discusses his opinions on the societal impacts of hacking and includes general news items.
Alex Ionescu – @aionescu
With over 15 years of experience in Windows internals and kernel programming, Mr. Ionescu also has 5 years’ experience in ARM embedded hardware and kernel development as part of the iOS team. Being able to cross over between platforms makes him an expert on the overall technology landscape. As the vice president of EDR strategy at CrowdStrike, Mr. Ionescu’s current work focuses on new security-related technologies, and he continues to offer OS internals support. Mr. Ionescu’s Twitter account focuses heavily on technical security discussions and his own ideas.
Adam Langley – @agl__
Mr. Langley is a Google employee who also hosts his own active blog about computer programming. His blog focuses on various issues surrounding cryptography. Mr. Langley’s Twitter account shares technical content about cryptology.
Avram Marius Gabriel – @securityshell
Mr. Gabriel has earned numerous honors over the course of his career. These include the PayPal Wall of Fame, Google Security Hall of Fame, Facebook White Hat, and Microsoft Security Researcher Acknowledgements. Mr. Gabriel’s Twitter account aggregates articles that expose security risks.
John Oberheide – @jonoberheide
As the founder and CTO of Duo Security, Mr. Oberheide is an expert executive in information security. Duo Security is used by over 5,000 organizations, including 3 of the 5 top social networks, to integrate two-factor authentication. Additionally, he holds a PhD from the University of Michigan. Mr. Oberheide’s Twitter account shares some Duo information but focuses on various information security insights.
Martin Roesch – @mroesch
After Mr. Roesch’s company Sourcefire was acquired by Cisco Systems in 2013, he was made vice president and chief architect of Cisco’s Security Business Group. He has developed products for GTE Internetworking, Stanford Telecommunications, Inc., and the US Department of Defense. News sources such as MSNBC, the Wall Street Journal, CNET, ZDNet, and Scientific American have interviewed him. Mr. Roesch’s Twitter account is active with discussions, retweets, and information shares.
Chris Valasek – @nudehaberdasher
Since September 2015, Mr. Valasek has been the security lead at Uber’s Advanced Technologies Center. Prior to this, he worked as the director of vehicle security research at IOActive, Inc., and as senior security research scientist for Coverity and Accuvant. In addition, Mr. Valasek published “Windows 8 Heap Internals” for Black Hat USA 2012. Mr. Valasek’s Twitter account is a combination of Pittsburgh sports and IT posts.
Lenny Zeltser – @lennyzeltser
With an undergraduate degree in Computer Science from University of Pennsylvania and an MBA from MIT, Mr. Zeltser runs the gamut of technology and business education and experience. Currently the director of security solution management at NCR Corporation, he oversees product managers and engineers to provide customer satisfaction. He is also a SANS Institute Senior Faculty member as well as a member of the board of directors at SANS Institute. Mr. Zeltser’s Twitter account curates content unique to his perspective.
The Security Thought Leaders
John Bristowe – @JohnBristowe
Although currently a manager at Progress, Mr. Bristowe is well known within the InfoSec community having presented at developer conferences and events. He has a variety of Microsoft certifications and his specialties include software development, ecosystem strategy, technical product marketing, enterprise engagement, cloud strategy, enterprise architecture, and solution architecture. Mr. Bristowe’s Twitter account is an energetic account that cross shares humor as well as useful articles.
Nicolas Brulez – @nicolasbrulez
At 15, Mr. Brulez began reverse engineering, and since then he has become an expert in the field of malware. Working with Kaspersky Lab, he focuses on complex malware research and targeted attacks. His publications include “The ‘Madi’ Infostealers – a Detailed Analysis” and “Energetic Bear – Crouching Yeti.” Mr. Brulez’s Twitter account is a good cross section of retweets, marketing, and his own thoughts.
Luis Corrons – @Luis_Corrons
With 15 years of security experience, Mr. Corrons specializes in the malware field. His recent work as the technical director at PandaLabs focuses on malware research. He is also a member of the board of directors for Malicious URLs Tracking and Exchange (MUTE) and of the Anti-Malware Testing Standards Organization (AMTSO). His writing can be found at WildList.org. Mr. Corrons’s Twitter provides insight into the malware and anti-malware software industry.
Matthew Green – @matthew_d_green
After working in computer engineering for five years, Mr. Green returned to school and earned a PhD in Computer Science from Johns Hopkins University, where he is currently an assistant professor. He worked as CTO at Independent Security Evaluators for 6 years before joining academia to focus on teaching cryptology. Mr. Green’s Twitter account incorporates an academic’s viewpoint as well as humor and news articles.
Mikko Hypponen – @mikko
Another malware specialist, Mr. Hypponen is considered one of the top thinkers in the industry. He is on the advisory boards for T2 and The Lifeboat Foundation. His TED Talk from 2011 remains the most watched computer security talk on the Internet. Although not the most active account on the list, Mr. Hypponen’s Twitter account tends to incorporate Microsoft security jokes as well as useful articles and videos.
Eugene Kaspersky – @e_kaspersky
Chairman and CEO of Kaspersky Lab, Mr. Kaspersky has been in the information security industry for 27 years, first as an anti-virus researcher and then as a business person creating anti-virus software. He spent 6 years in Russia working with the KAMI Information Technology Center. Mr. Kaspersky’s Twitter account shares reviews and information relating to malware and cyber-safety from across the web.
Ryan Naraine – @ryanaraine
Another Kaspersky Lab team member, Mr. Naraine has focused since 2013 on malware and IT security articles. He was a senior editor at eWEEK Magazine and continues to be a lead blogger at ZDNet. Currently, he heads the global research & analysis team at Kaspersky Lab. Mr. Naraine’s Twitter account shares and responds to news that impacts the IT security industry.
Peter Vreugdenhil – @WTFuzz
As co-founder of Exodus Intel, Mr. Vreugdenhil is a leader in both security analysis and security research. His publications include “Adobe Sandbox: When the Broker is Broken” and “Advanced browser exploitation.” Mr. Vreugdenhil’s Twitter account is professionally focused, sharing Exodus Intel blog articles as well as his own thoughts on IT.
The InfoSec Writers
Eleanor Dallaway – @InfosecEditor
Ms. Dallaway, who has worked at InfoSecurity Magazine since 2006, is currently the editor and publisher of the well known InfoSec resource. She also writes for The Guardian on topics including creative data, the Internet of Things, and the public sector. Ms. Dallaway’s Twitter account shares information not just from her publication but from several others across the web.
Jen Ellis – @Infosecjen
Having worked her way up at Rapid7, Ms. Ellis has an impressive PR career there over the last six years. Her focus is on explaining risk exposure for consumers and organizations to help people protect themselves. To achieve this, she works with researchers to collaborate with legislators and industry to reduce risk. Ms. Ellis’s Twitter account is a mixture of current events and information security news.
Jennifer Leggio – @mediaphyter
Not only is Ms. Leggio a writer for Forbes.com and CBSInteractive/ZDNet, she also co-manages the Security Bloggers Network and has been running the Security Bloggers Meet-Up at RSA Conference since 2007. She currently works as the chief marketing officer for Flashpoint, a company that has expertise in both the deep web and the dark web. Ms. Leggio’s Twitter account discusses current events as well as InfoSec information relevant to the industry.
Neira Jones – @neirajones
From across the pond, Ms. Jones brings more than 20 years of experience to her writing and speaking engagements. Her focus is on financial technology. Tripwire and CEOWorld magazine both nominated her as a top influencer to follow on Twitter. Ms. Jones’s Twitter account focuses on financial services technologies.
Nicole Perlroth – @nicoleperlroth
Currently working on a cybersecurity book, This Is How They Tell Me The World Ends, for Penguin/Portfolio books, Ms. Perlroth is also a writer at The New York Times. Her 2014 Times profile of Brian Krebs, the well known InfoSec blogger, has been optioned by Sony Pictures. Ms. Perlroth’s Twitter account focuses on accessible explanations of information security.
Bev Robb – @teksquisite
Having worked in IT since the mid-1990s, Ms. Robb currently spends her time focusing on writing about InfoSec. Not only was she media manager for Fortscale, but she was also the publication manager for Norse Corporation. She has experience researching the Darknet cybercriminal ecosystem. Ms. Robb’s Twitter shares information from sources she deems reputable that may not be found in mainstream media.
Runa Sandvik – @runasand
Director of information security at The New York Times, Ms. Sandvik teaches digital security to journalists and helps media organizations with their security posture. She is also a member of the Black Hat Europe Review Board. Ms. Sandvik’s Twitter account focuses primarily on New York Times news as well as other current events related to information security.
Michelle Schafer – @mschafer
Like a few others, Ms. Schafer’s specialty is public relations. Her deep knowledge and technical understanding of the security landscape give her insight into how to approach storylines and PR campaigns for IT and InfoSec companies. Ms. Schafer’s Twitter account shares news focusing on the business side of infosec.
Paul Asadoorian – @securityweekly
As founder and editor of Security Weekly, Mr. Asadoorian brings a hefty publishing resume with him. He has published for SANS, Brown University, and GIAC. His career started in 2001, giving him 16 years of experience in IT and InfoSec. Consisting of written, audio, and video blog posts, Security Weekly provides multimedia opportunities to keep fans up to date even on the go. Mr. Asadoorian’s Twitter account is active and incorporates humor as well as informative posts.
Graham Cluley – @gcluley
Mr. Cluley’s experience in the IT community started in the early 1990s, giving him almost 20 years’ experience with security. Between 1999 and 2013, he wrote for the well known website Naked Security. He has spoken at events and conferences around the world. Mr. Cluley’s Twitter is a great way to follow new blog postings as well as articles that he thinks would help his readers.
Jack Daniel – @jack_daniel
Currently on staff at Security BSides, Tenable Network Security, and Security Weekly, Mr. Daniel has earned the Microsoft MVP for Enterprise Security, CCSK, Increasingly Reluctant CISSP. His specialties include network security, analysis and design, and cloud computing. Mr. Daniel’s Twitter account is an enjoyably irreverent list of musings about life, the universe, and infosec.
Dark Reading – @DarkReading
With a wide array of information available on its website, Dark Reading has long been considered one of the top InfoSec blogs that also provides community for those in the industry. This community includes not just thought leaders, but also CISOs, technology specialists, and security professionals. The Dark Reading Twitter account is a great way to follow the blog to get overviews of the articles posted.
Dan Goodin – @dangoodin001
As a writer for Ars Technica and Krebs on Security, Mr. Goodin has been writing about white-hat, grey-hat, and black-hat hacking since 2005. He has a journalism background and has worked for the Associated Press and The Register. Mr. Goodin’s Twitter account shares his thoughts, views, politics, and articles not written by him.
Troy Hunt – @troyhunt
As an author at Pluralsight, Mr. Hunt focuses on helping people obtain the education and information needed to be successful in the IT industry. As director at Superlative Enterprises, he maintains a career as a software consultant. In 2011 he was named Microsoft MVP of the Year, and he has also distinguished himself working for Pfizer. Mr. Hunt’s Twitter account is interactive and incorporates his ongoing activities as well as news bits.
Rob Lemos – @roblemos
Mr. Lemos’s writing resume starts in 2007 writing for ZDNet. In addition, he has worked with CNET, PC Magazine Conde Nast, Symantec, MIT Technology Review, CXO Media, InfoWorld, Dark Reading, eWeek, and PCWorld.com. He has won 5 awards for his writing. His current specializations are network and computer security, cybercrime, cyberconflict, enterprise technology, and space science. Mr. Lemos’s Twitter account may not be very active but what he curates is always unique and interesting.
Jim Marous – @JimMarous
As the owner and publisher at Digital Banking Report and co-publisher at The Financial Brand, Mr. Marous is considered one of the Top 5 Fintech Influencers to Follow. He has advised the White House on banking policy. CNBC, CNN, The Wall Street Journal, The New York Times, The Financial Times, and many other news outlets have featured him. Mr. Marous’s Twitter account focuses on Fintech but is also a great place to watch for shifts in the approach to technology and information.
Morgan Marquis-Boire – @headhntr
Mr. Marquis-Boire’s diverse background includes 6 years as senior security engineer at Google, serving as an advisor to Amnesty International, and being considered a Young Global Leader of the World Economic Forum. Currently, he serves as director of security for First Look Media. Mr. Marquis-Boire’s Twitter account incorporates politics, music, and infosec.
Thor Olavsrud – @ThorOlavsrud
Having worked in technology journalism since 2000, Mr. Olavsrud brings with him the experience to report on new technologies. He writes for an audience of CIOs and IT leaders focusing on the business applications of technology. Mr. Olavsrud’s Twitter account shares his articles as well as other articles that match his business-focused lens.
Graham Penrose – @GrahamPenrose2
Mr. Penrose’s international career in InfoSec has taken him from South Africa to London to Algeria to Oman. Currently, he’s a community member at Peerlyst, owner of TMG Corporate Services, and a blogger for AirGap Anonymity Collective. AirGap Anonymity Collective discusses international InfoSec issues, keeping up with regulatory and legal trends. Mr. Penrose’s Twitter account is active with discussions and responses as well as shared articles.
Jérôme Segura – @jeromesegura
In 2016, Mr. Segura published “Operation Fingerprint: A Look Into Several Angler Exploit Kit Malvertising Campaigns” on the Malwarebytes blog. His research focuses on web-based malware and fraud/cyber-crime. Mr. Segura’s Twitter account is technical and professional, sharing articles from Malwarebytes as well as other cryptology and cyber-crime focused articles.
Ashkan Soltani – @ashk4n
On the 2014 Pulitzer Prize winning team for his contributions to the Washington Post’s coverage of national security issues, Mr. Soltani is well known for his journalistic integrity. He has advised the FTC and the White House on security issues and currently acts as a litigation expert. Mr. Soltani’s Twitter account focuses on the importance of information security and civil liberties with a dash of popular culture thrown in for good measure.
Dave Whitelegg – @SecurityExpert
Founder and author at the IT Security Expert Blog, Mr. Whitelegg’s work has led to him appearing on UK national television and radio. In 2016, he took a position as Cyber Threat & Intelligence Manager at Capita, PLC, where he devises and operates their Cyber Threat Assessment, Cyber Risk Management and Threat Intelligence strategy. Mr. Whitelegg’s Twitter account shares stories from UK news outlets and gives international insight.
The Security Consultants
Christina Ayiotis – @christinayiotis
Currently a cybersecurity and information governance consultant, Ms. Ayiotis has a law degree and has used it to serve in various positions including director of knowledge management, global financial services industries at Deloitte Touche Tohmatsu. From 2008 to 2011, she served as deputy general counsel at CSC. In addition, she spent 7 years as adjunct faculty in George Washington University’s Department of Computer Science. Ms. Ayiotis’s Twitter account shares articles from a variety of sources, predominantly in the business sector.
Debra J. Farber – @privacyguru
After completing her law degree in 2005, Ms. Farber went on to begin her career as a privacy analyst where she contributed to Privacy & American Business, a privacy industry newsletter. Currently, she is the vice president of business development at NotSoSecure, co-founder/board member/chair of social media and PR committee/training development lead for Women in Security and Privacy, advisor at BigID, editorial board member of Cyber Security: A Peer-Reviewed Journal, founder and CEO at Stealth Mode Privacy Startup, Executive Faculty at IANS, and CIPT Exam Development Advisory Board Member. Ms. Farber’s Twitter account actively promotes information privacy as well as women in infosec.
Erin Jacobs – @SecBarbie
Founding partner at Urbane Security, Ms. Jacobs currently helps customers identify business goals and IT challenges to provide tailored solutions. She has 15 years of experience in the field, has presented widely, and has won various awards within the InfoSec community. Ms. Jacobs’s Twitter account shares information about the infosec world as well as her experiences in that realm.
Shannon Leitz – @devsecops
With a background in development, security and operations, Ms. Leitz wanted to try to effect change in the security industry. To do this, she founded the DevSecOps Foundation. Currently, she works at Intuit as the leader and director of DevSecOps, focusing on cloud security. Ms. Leitz’s Twitter account focuses on news from DevSecOps as well as other professional publications.
Allison Miller – @selenakyle
Ms. Miller works on product strategy for security at Google. An expert in online security, fintech, and security analytics, she is program chair of the O’Reilly Security Conference, holds Board roles with ISC(2) and SIRA, and is a Trustee for the Center for Cyber Safety and Education. Ms. Miller’s Twitter account shares not just information security information but also bad puns, terrible math jokes, and fun tweets she finds interesting.
Jennifer Minella – @jjx
Ms. Minella’s long resume includes the (ISC)2 Board of Directors, contributing analyst for Securosis, faculty member at IANS, and VP of engineering at Carolina Advanced Digital, Inc. She has also authored Low Tech Hacking and ISC2 Official CISSP v9 Courseware. Ms. Minella’s Twitter account is a mixture of personal interests, personal insights, and information security issues.
Soraya Viloria Montes de Oca – @GeekChickUK
A self-professed geekgrl, Ms. Montes de Oca is also the founder of Women in Security. She is a co-founder of Security BSides London and has worked in IT since 1991. Ms. Montes de Oca’s Twitter account incorporates personal tweets as well as informational and insightful infosec shares.
Masha Sedova – @modMasha
Ms. Sedova’s work focuses on social engineering and the gamification of security awareness to drive employees to want to be secure. Although she has worked on vulnerability assessments, she focuses her efforts on employee awareness. Her specialties include digital forensics, security training, information assurance, systems and network security, and incident analysis and recovery. Ms. Sedova’s Twitter account focuses on the human element of the information technology space.
Georgia Weidman – @georgiaweidman
Ms. Weidman authored “Penetration Testing: A Hands-On Introduction to Hacking,” and she is also the founder and CEO of both Shevirah, Inc. and Bulb Security, LLC. While Bulb Security, LLC is a traditional penetration testing company, Shevirah focuses on mobile devices. Ms. Weidman’s Twitter account focuses on information relevant to penetration testing and trends more toward technical information.
Magen Wu – @tottenkoph
Currently a senior consultant at Rapid7, Ms. Wu has worked in IT since 2008. Her experience includes working at Protiviti as well as being a test engineer at Xversity. She is PCI QSA certified, holds three degrees from St. Petersburg College and a Master’s Degree from Southern New Hampshire University. Ms. Wu’s Twitter account is a fun blend of infosec and personal insights that includes psychology articles as well.
Duane Baker – @DBaker007
Starting with his first job at Northwest Ohio Computer Association in 1981, Mr. Baker’s career is one of the longest on the list. Today, he is a self-employed IT consultant providing services to various organizations and companies in Ohio. Mr. Baker’s Twitter account actively shares insights and articles from across the web.
Dino Dai Zovi – @dinodaizovi
Co-founder and CTO of the new venture Capsule8 which provides Linux threat protection, Mr. Dai Zovi was previously the mobile security lead at Square and chief scientist at Endgame. He co-authored The iOS Hacker’s Handbook, The Mac Hacker’s Handbook, and The Art of Software Security Testing. Mr. Dai Zovi’s Twitter account talks about his experiences as well as news.
Dan Guido – @dguido
In 2012, Mr. Guido co-founded Trail of Bits, an information security firm that has clients ranging from Facebook to DARPA. Previously, he spent nearly 7 years teaching at the NYU Tandon School of Engineering during which time he also was a senior security consultant for iSEC Partners. Mr. Guido’s Twitter account is a good mix of memes, social issues, and information security concerns.
Brian Honan – @BrianHonan
Mr. Honan’s specialties include ISO 27001, InfoSec, security risk management and compliance, service level agreements and service level management, operational management, business continuity and disaster recovery, and information security incident response. He is a member of the advisory boards at DataGravity, CipherCloud, GiveADay, and the Europol Cybercrime Centre. His consulting firm, BH Consulting, has been providing services since 2004. Mr. Honan’s Twitter account has useful information about ID theft and legal issues around security.
Jesper Jurcenoks – @jesperjurcenoks
As senior product manager at Alert Logic, Mr. Jurcenoks leads vulnerability research for a cloud service company. In 2016 he won the Cybersecurity Excellence Award in Vulnerability Management. He is president of the Diablo Valley School, California’s oldest Sudbury School, and has also been chairperson of the board for NeighborhoodGuard.org. Mr. Jurcenoks’s Twitter account shares information security insights from across the web with his own input added.
Bill McCabe – @IoTRecruiting
With an extensive IT career history dating back to the mid-1990s, Mr. McCabe’s views bring with them the benefit of having been integral to InfoSec’s evolution. For the last 17 years, he has run his SoftNet Search Partners consulting firm, which matches InfoSec employees with companies that need them. Mr. McCabe’s Twitter account focuses on IoT and recruiting, bringing in a lot of useful information regarding InfoSec and IT trends.
Tarjei Mandt – @kernelpool
As the senior security researcher at Azimuth Security, Mr. Mandt works with another one of the follows suggested in this piece, John McDonald. His specialties are vulnerability research, exploit development, Windows and operating system internals, reverse engineering, malware & rootkits, low-level programming, and device driver development. Mr. Mandt’s Twitter account focuses on sharing articles of interest and retweeting other industry members.
Mark Dowd – @mdowd
During his tenure in information security, Mr. Dowd has helped remediate vulnerabilities in Sendmail, Microsoft Exchange, OpenSSH, Internet Explorer, Mozilla Firefox, Adobe Flash, Checkpoint VPN, and Microsoft’s SSL implementation. He is currently the director and founder of Azimuth Security, a firm that performs network security assessments, host security assessments, web application assessments, and software security assessments. Mr. Dowd’s Twitter account is a fun source of information and musings as well as updates on his speaking engagements.
Sean Metcalf – @PyroTek3
A Microsoft MVP and one of about 100 Microsoft Certified Masters in the world, Mr. Metcalf is founder and Principal Consultant for Trimarc Security, LLC. Mr. Metcalf performs Active Directory security research, the results of which he shares on ADSecurity.org as well as by presenting at security conferences across the U.S., including Black Hat, BSides, DEF CON, DerbyCon, and Shakacon. Mr. Metcalf’s Twitter account shares interesting and useful Microsoft platform security resources.
Shawn Moyer – @shawnmoyer
With a great sense of humor to accompany his experience as a founding partner for Atredis Partners consulting firm, Mr. Moyer is an example of entrepreneurship in the InfoSec realm. He is a ten-time speaker at the Black Hat briefings, and his research has been featured in the Washington Post, BusinessWeek, NPR, and The New York Times. Mr. Moyer’s Twitter account is a mix of InfoSec and popular culture musings.
Thomas H. Ptáček – @tqbf
With a strong sense of humor and several startup companies in his past, Mr. Ptacek recently announced his newest venture, Latacora, an IT security firm for small startups. Previously, he worked on a code-to-play game called Starfighter. Mr. Ptacek’s Twitter account is far less formal than many of the other consultants listed but brings with it a sense of insider knowledge.
Will Schroeder – @harmj0y
While at Veris, Mr. Schroeder has acted as a technical expert for the Department of Homeland Security’s National Cybersecurity Assessment and Technical Services (NCATS) program. His focus is offensive security, in which he holds both the OSCP and OSCE certifications. He has presented at ShmooCon, DEF CON, DerbyCon, Troopers, and several Security BSides conferences. Mr. Schroeder’s Twitter account links to his blog as well as to other lesser-known resources that give deeper insight into information security.
Dave Shackleford – @daveshackleford
Founder and principal consultant at Voodoo Security, Mr. Shackleford is also a senior instructor at the SANS Institute. Prior to that he was lead faculty at IANS for 6 years, and he has worked with the Blue Heron Group as well as being a VMware vExpert in virtualization security. Mr. Shackleford’s Twitter account keeps followers updated on his webinars and on news about the infosec community.
Matt Suiche – @msuiche
In 2009, Mr. Suiche was recognized as a Microsoft Most Valuable Professional for discovering security flaws in Microsoft Windows. In January 2016, he founded Comae Technologies, which provides response capabilities to law enforcement and enterprises for investigating and solving cyber-attacks. Mr. Suiche’s Twitter account shares not only mainstream news but also industry blogs that may fall below the radar.
James Tarala – @isaudit
Unlike others on this list, Mr. Tarala focuses on audit. As principal consultant at Enclave Security, he specializes in using governance assessments and audit as tools to improve IT and overall business revenue. He is also a senior instructor at SANS Institute. Mr. Tarala’s Twitter account distinguishes itself by sharing audit information as well as general InfoSec articles.
Chris Wysopal – @WeldPond
With experience working with the hacker think tank The L0pht, Mr. Wysopal co-founded Veracode, which pioneered using automated static binary analysis to discover vulnerabilities in software. He was director of development at Symantec and is currently on the Black Hat Review Board. Mr. Wysopal’s Twitter account reaches nontraditional, noncorporate areas of the InfoSec community.
The Information Security Conferences
Women in Security & Privacy – @wisporg
While not strictly a conference, the Women in Security & Privacy (also known as WISP for short) organization is financially sponsored by Community Initiatives and works to help support and promote women in the InfoSec community. Moreover, the events page of the WISP’s website has events at conferences where women in infosec can meet to network or discuss diversity issues. The WISP Twitter account focuses on the work women in security and privacy do as well as places and meetings for them to network.
AppSec – @appsecusa
The software security conference is for developers, auditors, risk managers, technologists, and entrepreneurs. The money from AppSec goes to fund free, open source OWASP projects. The Official AppSecUSA Twitter account and the Official AppSecEU Twitter account provide updates about the conferences and links to panel videos afterward.
Black Hat – @BlackHatEvents
Black Hat is one of the most technical conferences. Throughout the weekend, it provides briefings, trainings, and has a review board that advises on strategic direction. Black Hat appeals to security practitioners, security executives, business developers, venture capitalists, vendor companies, career seekers and recruiters, and academics over the age of 18. The Black Hat Twitter account provides insider resources regarding the most updated malware and hijacks.
BSides Series – @SecurityBSides
Security BSides is less a single conference than an overall community approach to meeting with other professionals in the industry. Unlike traditional conferences, BSides events can be either structured like a formal conference or unstructured. Unstructured events involve showing up, bringing ideas, and talking about them. The BSides Twitter account shares calls for papers, upcoming conference locations, and other important event information.
DEF CON – @defcon
DEF CON is the hacker conference to attend. Focused around hacking, this is the most technical of all the conferences. The conference is best for those who engage in penetration testing. Workshops from 2016 included Practical Android Application Exploitation and Pragmatic Cloud Security. The DEF CON Twitter account keeps followers updated about the annual event but also shares important information security articles.
HITB Security Conference – @hitbsecconf
Hack in the Box (HITB) Security Conference is an annual conference for security researchers. The events include two days of training and a two-day multi-track conference with technical talks. The conference also offers a Capture the Flag “Live Hacking” competition, a Developer Hackathon, and a CommSec Village and Technology Showcase area. The HITB Security Conference Twitter focuses specifically on updates to the conference schedule, particularly speakers.
InfoSecurity Europe – @Infosecurity
InfoSecurity Europe has over 200 conference sessions, 360+ exhibitors, and various opportunities to earn CPE/CPD credits. 2016’s workshops ranged from CrowdStrike’s Adam Meyer presenting “Hand to Hand Combat with an Advanced Attacker- Identifying and Stopping the Breach” to LinkedIn’s CISO Cory Scott presenting “Next-Gen CISO: How to be a Successful Security Leader of the Future.” The InfoSecurity Europe Twitter account is an excellent source of updates and European infosec coverage.
InfoSec World Expo – @InfoSec_World
InfoSec World Expo is presented by MIS Training Institute. This conference presents lecture style and hands-on pre-conference workshops. With titles like “How to Prepare For, Respond to, and Recover From a Security Incident” lecture-style workshop and “Mainframe Security: Hands-On Audit and Compliance” hands-on workshop, InfoSec World Expo has registrants covered for all their security needs. In addition, it includes breakout groups for CISO leadership, cloud security, and risk management so that individuals working in these areas can network and share ideas. The InfoSec World Expo Twitter account keeps readers abreast of updates to the conference as well as important breaking news.
RSA Conference USA – @RSAConference
RSA Conference USA is the place to see and be seen in the InfoSec world. The keynote speakers range from industry stars such as Ed Skoudis, who teaches cyber-incident response classes, and Johannes Ullrich, founder of the Internet Storm Center, to celebrities like Seth Meyers and Neil deGrasse Tyson. Sessions are broken down into a series of topics: analytics, intelligence, and response; application security and DevOps; C-suite view; cloud security and virtualization; cryptography; governance, risk, and compliance; hackers and threats; the human element; identity; law; mobile and IoT security; policy and government; privacy; professional development; protecting data and applied crypto; security strategy; technology infrastructure and operations. The RSA Conference USA Twitter account is an excellent source for industry professionals, giving updates on the conference as well as sharing important news items.
SANS Series – @SANSInstitute
SANS, the industry leader in information security education, provides training sessions across the country throughout the year. While some focus on a particular area of interest such as cyber threat intelligence or ICS security, others are more regionalized. The SANS Institute Twitter account covers not only the ongoing conferences but also links to the organization’s white papers and other information.
ShmooCon – @shmoocon
ShmooCon is the SDCC of the InfoSec conference world. With 1460 tickets sold in three rounds, the conference sold out in 9.8 seconds. Unlike other conferences, ShmooCon incorporates papers such as “Can A Drunk Person Authenticate Using Brainwaves? #NotAlcoholicsJustResearchers.” Despite its irreverent nature, ShmooCon’s sponsors include CrowdStrike, Endgame, and SANS. The ShmooCon Twitter account shares news about the conference, but since tickets sell out quickly, it’s also a good way to get a reminder for when they go on sale.
The H4x0rs
i0n1c – @i0n1c
i0n1c, aka Stefan Esser, is a German security researcher who developed antid0te in 2010, which was considered a more secure iOS jailbreak. In 2016, he released an app called System and Security Info, which detected whether a phone had been secretly jailbroken. The app was subsequently withdrawn. Mr. Esser’s Twitter account is less resharing and more original content.
The Grugq – @thegrugq
As a self-proclaimed security researcher who is known to penetrate systems, The Grugq has a business in hacking software, arranging deals with exploit brokers, and selling the information to a government agency. His posts on Medium are insightful and well written. The Grugq’s Twitter account provides exactly the perspective and musings that one would expect from a hacker extraordinaire.
David Litchfield – @dlitchfield
In 2003, Mr. Litchfield was voted “Best Bug Hunter.” He has also written Oracle Forensics, The Oracle Hacker’s Handbook, The Database Hacker’s Handbook, and The Shell Coder’s Handbook. In January of 2017, he started working at Apple. Mr. Litchfield’s Twitter account is a mix of personal, information security, and humor.
Kevin Mitnick – @kevinmitnick
At one point in time one of the FBI’s most wanted hackers for hacking 40 major corporations, Mr. Mitnick has turned white hat and now gets paid to penetrate security systems. Major news outlets including CNN, CNBC, Al Jazeera, FOX News, CBC, BBC, and Radio Moscow are among those who seek his advice and insight on current technology events. His private security firm services AT&T, CBS, Dell, the FBI, FedEx, and Harvard among others. Mr. Mitnick’s Twitter account mixes thoughtful insights on the current state of security with irreverence.
0xcharlie – @0xcharlie
Chris Miller, the live person behind 0xcharlie, has a history of iOS device hacking. Currently working as a security engineer at Uber, he was recently in the news for discussing the ability to remotely attack driverless cars. Mr. Miller’s Twitter account discusses hacking news with a focus on his own thoughts and insights.
pod2g – @pod2g
Pod2g, aka Cyril Cattiaux, currently lives in France and discovered several bootrom exploits. He has been part of both the Chronic Dev Team and the Dream Team. He is a legend for his hacking of iOS. pod2g’s Twitter account is quieter than some others but gives updates on JailbreakCon and other news in the hacker community.
iH8sn0w – @ih8sn0w
A younger hacker with a more active Twitter account, iH8sn0w is another iOS jailbreak hacker. iH8sn0w’s Twitter account provides insight into the underground Canadian infosec community with articles and retweets.
InfoSec Tidbits
Info Security Jerk – @infosecjerk
With a sarcastic tone, InfoSecJerk is irreverent and without a filter. This is not a professional sense of humor but the kind of humor that comes out after having beers after a long day of coding. Info Security Jerk’s Twitter account reads like Bart Simpson if he tweeted about InfoSec.
LiquidMatrix – @liquidmatrix
Considered one of the “blogs to follow,” LiquidMatrix also has an excellent sense of humor about itself. Mixing practical with entertaining, this is not just a great source for information but also a fun way to read about infosec issues on a lunchbreak. The LiquidMatrix Twitter not only links to its own articles but also provides an array of interesting items from other online sources.
Pwn All The Things – @pwnallthethings
Retweeted by some of the top InfoSec industry influencers, Pwn All The Things is an anonymous Twitter account that follows current events as well as information security. Although not humorous, The PwnAllTheThings Twitter account is timely, insightful, and active.
SwiftOnSecurity – @SwiftOnSecurity
For InfoSec humor, SecuriTay, aka SwiftonSecurity, has it all. Biting insight mixed with Taylor Swift lyrics and other popular culture references make this account fun as well as thought provoking. SwiftonSecurity’s Twitter account may be anonymous, but it is proof that not all things anonymous are bad.
The Regulatory Agencies and Standards Organizations
ISO – @isosecgen
The International Organization for Standardization has multiple Twitter accounts to follow. For the self-proclaimed geek friendly and informatively fun information, the official ISO Twitter is intended for the masses. For industry updates and news about information security issues, the Secretary General of ISO tweets from conferences and meetings.
PCAOB – @PCAOB_News
The Public Company Accounting Oversight Board arose out of the Sarbanes-Oxley Act of 2002 to establish auditing standards for registered public accounting firms. The PCAOB Twitter keeps followers updated by sharing information about enforcement actions, updates, and conferences that discuss SOX.
PCI – @PCISSC
Another peer organization, the PCI Security Standards Council was founded by American Express, Discover Financial Services, JCB International, MasterCard, and Visa, Inc. to create the PCI Data Security Standard (PCI DSS), which ensures that cardholder information is appropriately handled by all merchants, banks, processors, hardware and software developers, and point-of-sale vendors. Focused on payment data, the PCI SSC Twitter shares tips, news items, and current payment data news.
AICPA – @AICPA
The American Institute of Certified Public Accountants, the AICPA, is the place to find information about audit reporting standards. For many IT companies, this means it’s a great source for SOC 1, 2, and 3 reporting information. The AICPA Twitter offers articles and updates for professionals. Meanwhile, the AICPA MediaRelations Twitter provides news articles to help keep the public informed.
Department of Health and Human Services Office for Civil Rights – @HHSOCR
With a lot of IT companies needing to be HIPAA compliant, the Department of Health and Human Services is the regulator to follow. More specifically, HHS’s Office for Civil Rights enforces the privacy regulations. The HHS OCR Twitter provides suggestions and updates that can help regulated organizations stay up-to-date on changes and innovations.
What did you think of our list? Anyone that we should consider including in one of our future lists?
Tips For Compliance Related Planning Project Management
“All things are created twice: first mentally, then physically. The key to creativity is to begin with the end in mind, with a vision and a blueprint of the desired result.” – Stephen Covey
In my last post, we covered the essentials of planning a compliance project. Simply put, a compliance project without a solid plan is not unlike a house without a solid foundation. No matter how much frill and filibuster you put into your project, sooner or later, the lack of a solid base will catch up with you, and you’ll end up with a lot of rubble and probably even more explaining to do.
Crossing the Line: Leaving the Relative Safety of the Planning Phase
When you cross that line from planning into the execution stage of your compliance project, you’re making a statement. You’re stating that you’re ready to embark on the journey, that you’ve got your resources lined up, and a solid plan to get to the finish line. Move to execution too early, and you risk failure. Move too late and you risk budget overages, milestone delays, and resource loss. Crossing into the green light of “all systems go” is a career move, and the success of your compliance project hinges on this decision.
When you move your project from planning to execution, there’s not always a clear demarcation point. I suppose, in the ‘eating the elephant’ scenario we visited in my last post, this might be when you stop scratching your plans into the dirt, and take off running after the elephant. In the review of an anti-money laundering (AML) compliance program, for example, this would be when you shift your focus from confirming resources and determining the review’s scope and objectives to deploying your resources. At this point, you would be progressing into activities like assessing the adequacy and effectiveness of ongoing AML training programs and the existence and maintenance of AML compliance policies and procedures.
At this point though, whether you’re chasing an elephant, building a house, or crossing the line into your compliance project’s execution stage, you’ll want to have confidence in your project plan and a set of steps designed and ready for when contingencies, at least the most likely ones, emerge. For example, how will you adjust your project if you lose a key resource to another company initiative or, worse, to turnover? What will you do if you find that the data you’ve received through the company’s reporting tools is inadequate for the testing you have designed?
Communicate – After All, You’re All in This Together
Communication is key here. What I’ve found most effective, on my projects, is to have a project kickoff meeting with your project team, review the results of your planning process, and devise the best way to announce these details to your project audience. This project team meeting, in a worst-case scenario, might result in identifying a dropped ball, or some risk that has not yet been mitigated. In a best-case scenario, though, you’ll be streamlining the entirety of your planning process into an executive-level announcement that communicates the project’s scope, timeline, and team in a way that captures all the expertise, diligence, and thought you have invested into the project.
This announcement officially introduces your compliance project to your organization and extends beyond the people who you contacted in planning your project. It’s also another small win, indicating that your project is progressing. Whether it comes in the form of a letter sent by email, or a slide deck shown in an opening meeting, this announcement should include:
- PROJECT NAME: The name of your compliance project acts as a sort of brand. When you use the name of your project in your communications, people will associate the project and its goal with you and the project team. Its success becomes your success.
- TEAM DETAILS: Identify the team assigned to your project. For smaller projects, this can mean identifying one person who oversees the entire project. Announcements for larger projects may also include the entire team, or just second-level team members assigned to the project’s key parts.
- PROJECT TIMELINE: Every project needs an end date. When will you be out of their hair? Include a quick sentence or two telling your audience when they can expect the project to be complete, and when they will see the results. Include other important dates, as they pertain to your project.
When the Rubber Meets the Road – Doing the Project
Throughout the execution phase, you’ll be doing the project. Maybe that means analyzing transactions for potential noncompliance events, testing red flags identified through that analysis, interviewing compliance process stakeholders, all three, or something else entirely. In the review of an AML compliance program, for example, you would be assessing the adequacy of the company’s compliance policies and procedures, the existence and effectiveness of the risk-based customer identification program, and procedures around SAR filings, among other control activities and elements. Whatever the requirements for your project, there are common components that any well-managed compliance project will have:
- Project Tracking (External) – If you’re going to spend time on the aesthetics of your compliance project reporting, this is a good place to start. This tracking reports progress to your stakeholders on the status of project deliverables, and budget-to-actual comparisons related to the time and money invested in your project. When you are deciding which KPIs to include in your project management reporting, there are standard KPIs, applying to almost all kinds of projects, that you should consider. These include variance reporting around costs, resources, and scheduling; reporting around deliverables achieved and overdue; and the percentage of budgeted time/cost invested to date.
- Project Reporting (Internal) – Internal project reporting should be easy to follow, and should flow naturally into the deliverables identified in your external reporting. Internal reporting tends to be more detailed than external reporting, and often is built of sub-deliverables that link directly to the deliverables included in your external reporting. For example, if you are reporting a list of overdue deliverables to your external reporting recipients, the internal reporting team may want to see that list broken out into an aging of those tasks or a listing of the teams responsible for each.
- Project Issues Tracker – What’s not going so well? Is there functionality that can’t be implemented? Did the testing for a potential noncompliance item fail? Did someone notice a bug in your automation of a compliance report? Keep a list of these issues as they come up, and prioritize which ones need to be fixed ASAP, and which can remain pending until your compliance project is delivered.
- Regular meetings to review status and findings – All the planning in the world won’t help your compliance project succeed if you don’t provide regular updates to your stakeholders. With the milestones and budgets you created during your planning phase, you can now provide status updates showing progress against these targets, and show completion of the smaller subtasks you’ve detailed on your project plan. This is where your small wins will really shine.
There’s a lot of variety in the nature of the compliance projects we come across during our careers. Because this post provides guidance that can be applied to almost all projects, regardless of style or scope, best practices for the execution of compliance projects are going to take many forms. There is one theme, however, that emerges in the list of ‘must haves’ for any compliance project – the need to develop and retain evidence showing that a project’s actual work was executed, and that it was executed well. The form that evidence takes depends on your project, and the type of work it required. Most compliance projects require at the very least these execution components:
- Testing – Did your execution phase include some testing, to show client acceptance of your project, that the functionality of your new system will work as you planned it would, or that you made the best effort possible to scan a list of transactions for compliance? With testing, it’s important to include key details such as: what was tested, how the items tested were selected (sampling methodology), what was the source of your testing documentation, what were the results, and what do they mean (conclusion).
- Interviews – Who was interviewed, when, and what did they say? What were the findings coming out of these discussions, and what is the conclusion?
- Data Analysis – Did you analyze the entire population? If you used samples, how were those selected? What were the dates included in testing? What were the findings, and how do you conclude on these?
Whether the objective of your compliance project is to improve PCI compliance, enhance your AML program’s KYC procedures, or something else entirely, you’ll need solid execution built on strong planning to get there. In the end, though, as Dr. Covey said, if you design your execution stage well, and all activities play a role in the end you seek to accomplish, you’ll be at a much lower risk of wasting valuable time and resources on deliverables that have no purpose. Project execution will flow much more smoothly, and you’ll have the tools developed and available that will help keep you on time and within budget. And, with a project progressing smoothly and on schedule, you, your project team, and your stakeholders will all rest easier, knowing that your project will deliver its goals effectively, efficiently, and on time.
Check back soon for the third and final installment in the Project Management series, when we will discuss strategies for successfully closing a project.
2017 Predictions by The Experts
As January 2017 has come to a close, the year is still new. Here are a handful of perspectives from InfoSec Compliance experts about what they see happening in 2017.
Magen Wu, Senior Consultant – Rapid7
2017 will be all about taking all of the data that we collect—be it logs, alerts, vulnerability scanning results, or security audit reports—and using it to create a holistic view of what our organizations look like from a security perspective. Additionally, security professionals and IT need to work together in order to be proactive about gathering, interpreting, and taking action on the data collected from their environments. Organizations’ IT environments have become too complex for IT and security professionals to remain isolated – clear, transparent communication will be the key to successful programs – on both sides of the house – as the lines between enterprise and personal devices continue to blur and IoT increasingly becomes a fact of life – and the corporate network.
Kevin Berman, GRC Strategy and Enablement – Edgile
In today’s InfoSec day and age the digital world is only getting smarter. We are past the times when information sitting within internal firewalls is the Crown Jewels of data protection. The swift change in the paradigm to the connected network has game changed how we need to think about threats and vulnerabilities – both internal and external – to our organizations. The Internet of Things (IoT) has game changed the way we need to grasp InfoSec going forward by closing the gap on just how close a breach can be to a consumer, customer, patient, and otherwise end user of a connected device. The risks are real, they are tangible, and in some cases they can be life and death. Internet of Things is a necessary evil in today’s InfoSec day and age; the real question is: are you ready for it?
David Kidd, VP of Governance, Risk and Compliance – Peak 10
The two big stories in 2016 were the rise of both state sponsored hacking and ransomware. In both cases the fundamentals of information security can help protect businesses. Keeping operating systems and anti-virus software updated, maintaining good security awareness training with employees and keeping reliable backups can help ensure the confidentiality, integrity, and availability of critical systems and data.
David Ponder, Partner & Principal – GRCential
In 2017, we expect to continue to see the question, “Given our limited resources, how do we know we’re focusing on the right risks?” At GRCential, we emphasize the difference between compliance and risk, and the necessity for management efforts for each. Compliance with regulatory requirements seems to always be a high priority and therefore is easier for leadership to grasp. Failure to comply equals fines and other negative consequences. But understanding true risk management within the organization is more complex. It can be a struggle for those same leaders to comprehend how risk should be identified, measured, and addressed as part of strategic decision making. Solidifying leadership’s understanding of true risk and the similarities, differences, and relationship between risk and compliance will be all the more crucial if the expected shifts in the regulatory landscape in 2017 materialize.
Super Bowl Security: How Information Security Impacts The Big Game
Sitting back in your favorite recliner, a plate of nachos, a drink in one hand, and your cell phone in the other, open your smart home apps, adjust the lights, turn on the surround sound speakers, and settle in to watch the Super Bowl. The heat is jacked up (or the air conditioning turned on) to match the weather in Houston.
You may not have been able to score tickets to NRG Stadium for Super Bowl LI, but you’ve made your smart home feel like a small football stadium. What you may not know is that your smart home shares the same information security concerns as that stadium, just on a smaller scale.
Smart Home Information Security Issues
The primary issues for smart home security are confidentiality, integrity, and access. Keeping data private means encrypting it and being wary of who knows the information used to access it. Integrity means making sure that no one has tampered with the information and that the author can be verified. Access means that only certain people can interact with the data, communications infrastructure, and computing resources, but it also means making sure no one authorized is kept away from that information.
Unfortunately, the platforms that many smart home devices use are not built to protect from unauthorized access because they rely on applications through the Internet of Things (“IoT”). This puts your home at risk for being used either as part of a cyber attack or as a way to gain access into your private space.
Stadium Information Security Issues
On a larger scale, stadiums have the same issues. All interconnected locations need to worry about confidentiality, integrity, and access. Stadium security can be compromised in several ways. First, the public and private wifi connections can be compromised, just as any wifi can. Alternatively, similarly to a smart home, the automation of things like power, heat, and media in stadiums creates vulnerability. When a stadium has 100,000 people attending the game, the stakes are much higher than what can happen if an individual home is compromised. With a compromised home, most likely the biggest problem for an individual would be identity theft. A problem, yes, but not life threatening. If a stadium were breached, the people in the stadium might face physical as well as electronic safety risks.
According to Billy Rios, founder of WhiteScope, game integrity could be compromised through the manipulation of the stadium’s power, temperature, and displays. In the same way, the game attendees could be manipulated through power and temperature thus compromising physical safety. Non-traditional computing devices connecting through the internet bring with them the same risk as the IoT smart home applications. Instead of being worried that someone will sneak in a weapon, stadium security needs to be concerned that someone outside the venue will use the automations to put people at risk. In addition, the larger scale also means that third party vendor installation and configuration can further compromise the stadium’s security.
Depending on how the automation is configured, some areas of a stadium may be more vulnerable than others. In the same way, the wireless router used to connect smart home technology can create a security weakness in your home leading to vulnerabilities. In addition, it’s possible that the applications your smart home technology uses, if not kept up to date, can have vulnerabilities similar to those in the stadiums.
Keeping Stadiums and Smart Homes Safe
According to Mr. Rios, newer stadiums, although decked out with the most up-to-date amenities, are not necessarily using better security controls. Stadiums need to be scanning for unintentionally connected systems and unauthorized configurations because greater automation leads to greater risk. Unlike the physical screenings such as bag checks, cyber screenings do not currently occur.
One possible solution is to have cyber pre-screenings to verify attendees. Another option would be to ensure restricted physical access. Marcus Wehmeyer suggested, “One easy way is to ensure physical access is restricted, meaning RJ-4x ports are not easily accessible to fans or are restricted with 802.1x or some other NAC solution. Moving as many services as possible to the wireless network while still maintaining security levels is another way to ensure physical access to the network is harder to gain for unauthorized users.” Yet another solution would be for stadiums to focus on their technology being SAFETY Act compliant.
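The scanning Mr. Rios describes only helps if the sweep results are reconciled against what the venue believes is connected. The following is an added example, not code from the original post or from the people quoted in it: it takes constructed discovery results and an assumed asset inventory and flags unintentionally connected systems and unauthorised configurations (a known system reachable from the fan-facing segment, or exposing a management service there). Segment names, the port policy and all device data are assumptions.

```python
"""Reconcile a discovery sweep against the venue's asset inventory.

Added example, not code from the original post. Flags unintentionally
connected systems (not in the inventory) and unauthorised configurations
(known asset on the wrong segment, or a management service reachable from
the fan-facing segment). Data, segment names and port policy are assumed.
"""
from collections import namedtuple

Host = namedtuple("Host", "mac ip segment open_ports")

# Constructed inventory: what the venue believes is connected, and where.
AUTHORIZED = {
    "00:1a:2b:00:00:01": {"name": "scoreboard-ctl-1", "segment": "ops"},
    "00:1a:2b:00:00:02": {"name": "hvac-bacnet-gw", "segment": "bms"},
    "00:1a:2b:00:00:03": {"name": "guest-wifi-portal", "segment": "guest"},
}

# Standard port assignments for common management/automation services.
# Keeping them off the public segment is this example's assumed policy.
MGMT_PORTS = {22: "ssh", 23: "telnet", 502: "modbus", 47808: "bacnet"}
PUBLIC_SEGMENTS = {"guest"}

def reconcile(discovered, inventory=AUTHORIZED):
    """Return (severity, mac, finding) tuples in discovery order."""
    findings = []
    for h in discovered:
        entry = inventory.get(h.mac.lower())
        if entry is None:
            # Unintentionally connected: nothing in the inventory matches.
            findings.append(("high", h.mac, f"unknown device {h.ip} on {h.segment}"))
            continue
        if entry["segment"] != h.segment:
            # Unauthorised configuration: known asset, wrong segment.
            findings.append(("high", h.mac,
                             f"{entry['name']} expected on {entry['segment']}, seen on {h.segment}"))
        exposed = [MGMT_PORTS[p] for p in h.open_ports if p in MGMT_PORTS]
        if exposed and h.segment in PUBLIC_SEGMENTS:
            findings.append(("critical", h.mac,
                             f"{entry['name']} exposes {', '.join(exposed)} on public segment {h.segment}"))
    return findings

# Constructed sweep results, as a discovery tool might report them.
SWEEP = [
    Host("00:1a:2b:00:00:01", "10.10.1.5", "ops", (443,)),
    Host("00:1a:2b:00:00:02", "10.20.0.9", "guest", (47808,)),  # BMS gateway on a fan-facing port
    Host("00:1a:2b:00:00:03", "10.20.0.1", "guest", (80, 443)),
    Host("a4:5e:60:00:00:99", "10.20.0.77", "guest", (22,)),  # not in the inventory at all
]

if __name__ == "__main__":
    for sev, mac, msg in reconcile(SWEEP):
        print(f"[{sev:8}] {mac}  {msg}")
```

In practice the inventory would come from the venue's CMDB and the sweep from whatever discovery or NAC tooling is in place; the reconciliation logic is the part that turns raw scan output into the review list.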
Individual users, by contrast, have to rely on the developers of their products, and no current legislation guides the cyber security of these consumer products.
Dimitrios Pavlakis, an Industry Analyst at ABI Research, notes, “We see an alarming increase in ransomware in smart TVs and IP cameras, code injection attacks, evidence of zero-day threats, and password eavesdropping for smart locks and connected devices. The current state of security in the smart home ecosystem is woefully inadequate. Smart home device vendors need to start implementing cybersecurity mechanisms at the design stage of their products.” Several larger companies such as Amazon, Apple, Google, Philips, and Samsung have begun including network security, encryption, and communication protocol limitations into their product design phases. By creating these on the front end, smart homes will be less likely to be used as a mechanism for a security breach.
Even when just watching a football game, whether in person or from home, it’s important to keep your eyes on the prize. Keeping your information and your home safe means being aware of the ways in which interconnectedness allows you to have a unique experience while also closing the door to intrusions. In the good old days, your home used to be your castle; now, it is your sports stadium.