Top 25 Cybersecurity Experts & Accounts to Follow on Twitter


More than 15 years after the launch of the microblogging social media platform, Twitter remains a dominant public forum for instant communication with individuals and organizations worldwide on a universe of topics, including cybersecurity.


Here are the top Twitter accounts to follow for the latest commentary, research, and much-needed humor in the ever-evolving information security space – followed by five accounts on the increasingly active Mastodon security community. Our review considered experience in enterprise cybersecurity, contributions to research and real-time developments, and Twitter-specific metrics like following and activity frequency.


Aleksandra Doniec

@hasherezade
One of Europe’s top malware analysts thanks to her work for places like Malwarebytes, Aleksandra Doniec has provided a number of in-depth ransomware analyses and security tools throughout her career. Her contributions were significant enough to have her included in Forbes’ 2018 “30 Under 30 Europe” in the Technology category. Her private account offers a host of cybersecurity insights, particularly related to malware and ransomware, along with personal tweets. Her website also provides links to some of the useful cybersecurity tools and scripts she has created over the years, many of them open source.

https://twitter.com/hasherezade/status/1637614885621096449

Binni Shah

@binitamshah
Security enthusiast and Linux evangelist Binni Shah consistently offers valuable tutorials, guides, and insights for the cybersecurity community. Shah provides her expertise in hacking, software development, and kernel development and advocates for open source initiatives. This is an account to watch for developers working in Linux environments.

https://twitter.com/binitamshah/status/1638197681108418565

Bruce Schneier

@schneierblog
Security technologist Bruce Schneier was respected long before the launch of Twitter. His 1994 book detailing cryptographic algorithms (Applied Cryptography) was just the beginning of his contributions to technical perspectives on system design, cybersecurity, privacy, and more. His Twitter updates are short, newsy, and to the point. They include links to his blog posts, which expand on the mentioned topic.

https://twitter.com/schneierblog/status/1633445222624681985

Dave Kennedy

@HackingDave
Dave Kennedy started as a forensic analysis and cyber warfare specialist in the US Marine Corps before entering the enterprise space. Kennedy founded cybersecurity-focused TrustedSec and Binary Defense Systems and co-authored Metasploit: The Penetration Tester’s Guide. He retweets multiple experts’ posts on different security topics and also participates in industry conversations and events.

https://twitter.com/HackingDave/status/1635990706366889985

Eugene Kaspersky

@e_kaspersky
Russian software engineer Eugene Kaspersky’s frustration with the malware of the 80s and 90s led to the founding of antivirus and cybersecurity vendor Kaspersky Lab. Kaspersky currently serves as CEO and a distinguished cybersecurity expert in the international community. He discusses both consumer and business security on his Twitter feed and covers a wide variety of cybersecurity topics.

https://twitter.com/e_kaspersky/status/1620317049376411649

Eva Galperin

@evacide
Starting with her first desktop on a Unix machine at age 12, Eva Galperin’s contributions to cybersecurity include research on malware and privacy. Galperin is the current Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and a noted free speech advocate. Note that Galperin’s Twitter discussions now center more on politics than on cybersecurity.

https://twitter.com/evacide/status/1629204223165620224

Graham Cluley

@gcluley
Graham Cluley started as a videogame developer and antivirus programmer three decades ago before serving in senior roles at Sophos and McAfee. In recent years, Cluley has been well-known for his cybersecurity analysis, blog, and award-winning podcast Smashing Security. The podcast takes a lighter approach to major cybersecurity topics, for those who want a more humorous look at the industry.

https://twitter.com/gcluley/status/1638869551772319744

Jason Haddix

@Jhaddix
Through tenures at Citrix, HP, and Bugcrowd, Jason Haddix offers his expertise in the areas of penetration testing, web application testing, static analysis, and more. Haddix continues to provide his insights on Twitter while occasionally appearing on podcasts. Consider following Haddix if you want to learn more about security testing news and trends.

https://twitter.com/Jhaddix/status/1514933567159033858

Jeremiah Grossman

@jeremiahg
With deep industry experience, Jeremiah Grossman was the Information Security Officer for Yahoo!, founder and CTO of WhiteHat Security, and Chief of Security Strategy for SentinelOne. Grossman is an innovative industry leader. He currently works in security strategy at Tenable. Grossman’s tweets are short and straightforward, covering both enterprise tips and nationwide security news.

https://twitter.com/jeremiahg/status/1599932128875417600

Marcus J. Carey

@marcusjcarey
Marcus J. Carey started his cybersecurity career assisting federal agencies with pen testing, incident response, and digital forensics. Two decades later, the information security expert is a distinguished author (Tribe of Hackers), entrepreneur, and speaker. Occasionally he posts security career information for those in the job field.

https://twitter.com/marcusjcarey/status/1606018667879272450

Maria Markstedter

@Fox0x01
As managing vulnerabilities in embedded systems becomes increasingly crucial to cybersecurity, Maria Markstedter offers her expertise as an independent security researcher and founder of Azeria Labs. Markstedter actively contributes to filling the infosec education gap.

https://twitter.com/Fox0x01/status/1576907613387706368

Matthew Green

@matthew_d_green
Matthew Green is a renowned expert in cryptographic engineering. Green’s contributions to applied cryptography are profound, and his other research includes securing storage and payment systems. He is currently an Associate Professor at Johns Hopkins University.

https://twitter.com/matthew_d_green/status/1637035201535590404

Katie Moussouris

@k8em0
Katie Moussouris’ resume includes studying at MIT and Harvard, enterprise experience at Symantec and Microsoft, and years of promoting bug bounty programs and white hat hacking. Today, Moussouris is the founder and CEO of cybersecurity consultancy Luta Security.

https://twitter.com/k8em0/status/1637465815711891458


Kevin Mitnick

@kevinmitnick
Formerly on the FBI’s Most Wanted list, Kevin Mitnick is a crucial figure in the history of information security, including approaches to social engineering and penetration testing. Today, Mitnick operates his consultancy and serves as Chief Hacking Officer for KnowBe4. He also participates in educational sessions hosted by other major tech companies, covering cybersecurity topics.

https://twitter.com/kevinmitnick/status/1525111447654924290

Mikko Hyppönen

@mikko
Mikko Hyppönen is the veteran chief research officer of Finnish cybersecurity company WithSecure. After three decades of experience analyzing and following the latest security threats, Hyppönen continues to offer his perspective on privacy, cybersecurity, and so-called “smart” devices.

https://twitter.com/mikko/status/1636749889211101184

Paul Asadoorian

@securityweekly
Once a penetration tester, Paul Asadoorian has been the founder and CEO of Security Weekly and host of a weekly show since 2005. Asadoorian has built a cybersecurity media force while also serving as a partner for Offensive Countermeasures. He is currently a security evangelist at Eclypsium.

https://twitter.com/securityweekly/status/1638192695674896386

Parisa Tabriz

@laparisa
Google’s Security Princess is Parisa Tabriz, one of the technology giant’s most esteemed hackers. Tabriz has led Google Chrome’s security since 2013, which extends to managing product, engineering, and UX today. Tabriz is a tireless advocate for ethical hacking.

https://twitter.com/laparisa/status/1578475355765059584

Rachel Tobac

@RachelTobac
Three-time winner of DEF CON’s Social Engineering Capture the Flag Contest, Rachel Tobac is a hacker and CEO of SocialProof Security. Tobac’s expertise in social engineering and spreading awareness provides excellent insight into today’s sophisticated threats.

https://twitter.com/RachelTobac/status/1636481960221765632

Robert M. Lee

@RobertMLee
Dragos founder and CEO Robert M. Lee started his career as a Cyber Warfare Operations Officer for the U.S. Air Force before building the SANS Institute’s first dedicated ICS monitoring courses. Lee continues to be a leading voice in the critical infrastructure cybersecurity space.

https://twitter.com/RobertMLee/status/1593337606518951936

Runa Sandvik

@Runasand
Runa Sandvik was a hacker and early developer of the Tor network before her rise to senior director of information security for the New York Times. Today Sandvik is an independent researcher and consultant and advocate for strengthening freedom of the press and privacy. Her Twitter feed often addresses international security news.

https://twitter.com/runasand/status/1628000824495419398

Samy Kamkar

@Samykamkar
Hacker, researcher, and entrepreneur Samy Kamkar launched a unified communications company as a teen before setting off an XSS attack against MySpace. Lesson learned, Kamkar continues to test security integrity years later as co-founder and CSO of Openpath Security.

https://twitter.com/samykamkar/status/1354102556461436928

SwiftOnSecurity

@SwiftOnSecurity
The pseudonymous information security expert known as SwiftOnSecurity is a prominent voice in the universe of cybersecurity. They continually balance genuine insight into systems and security with the funniest and hardest-hitting memes for sysadmins.

https://twitter.com/SwiftOnSecurity/status/1286855769732845568

Tavis Ormandy

@taviso
Tavis Ormandy is an ethical hacker and an information security engineer for Google Project Zero. Ormandy’s expertise includes vulnerability hunting, research, and software development with a bundle of GitHub contributions and published research. His tweets often discuss older technology or ask interactive questions of other experts.

https://twitter.com/taviso/status/1581682151531028480

Thaddeus Grugq

@thegrugq
Commonly known as just the Grugq, Thaddeus Grugq is a security researcher and hacker known for publications and commentary regarding forensic analysis, international espionage, and cybersecurity. In recent years, Grugq has talked openly about high-end exploit brokering.

https://twitter.com/thegrugq/status/839471981120495616

Troy Hunt

@troyhunt
Troy Hunt is an Australian web security consultant and perhaps best known for his project Have I Been Pwned (HIBP), which helps users confirm if their data was compromised due to a breach. After 14 years of enterprise experience at Pfizer, Hunt offers his expertise in a weekly vlog. He’s also written infosec courses for Pluralsight.

https://twitter.com/troyhunt/status/1636225195919970305

Accounts to follow on Mastodon

Some popular security leaders have shifted their focus to Mastodon, an open source social media platform, in the wake of recent turmoil at Twitter. Mastodon’s infosec.exchange platform is specifically geared toward the security industry. Check out these accounts if you prefer not to use Twitter.

Brian Krebs

Brian Krebs still has a Twitter account (@krebsonsecurity), but he posts more regularly about security on Mastodon. He is known for his strong background in journalism, writing often about cybercrime.

Marcus Hutchins

Marcus Hutchins is a security researcher. He frequently posts about artificial intelligence, Twitter, and politics on his Mastodon feed.

Jake Williams

Jake Williams is a security researcher and IANS faculty member. He posts about a variety of international security topics, and also maintains a presence on Twitter.

Kevin Beaumont

Kevin Beaumont is a head of security operations in the United Kingdom. He has over 20 years of experience in the cybersecurity industry and also has a security-focused website, doublepulsar.com.

Lesley Carhart

IT industry veteran and former Hacker of the Year Lesley Carhart is another security researcher who has made the move to Mastodon. She consistently contributes to research and dialogue around incident response, digital forensics, industrial control system security, and more. Carhart is currently the Director of Incident Response at Dragos.


Jenna Phipps updated this article on April 3, 2023.


Sam Ingalls Avatar
