Cybersecurity Experts to Follow on Twitter

Security Boulevard recently listed the “Top-21 Cybersecurity Experts You Must Follow on Twitter in 2021.” I came in at #7. I thought that was pretty good, especially since I never tweet. My Twitter feed just mirrors my blog. (If you are one of the 134K people who read me from Twitter, “hi.”)

Posted on April 16, 2021 at 2:13 PM28 Comments


David Rudling April 16, 2021 3:54 PM

The link works for me.
I see Bruce just edged Brian Krebs into 8th place.
I am an avid follower of both.

David Rudling April 16, 2021 3:57 PM

… but not on Twitter I hasten to add. I don’t have an account on any Ant-Social Media.

Joe K April 16, 2021 4:17 PM


Can you change the user agent string your web client sends?

I mostly use lynx as my web client, and frequently find that I need to change it to something more “conventional” to get web servers to serve me pages (looking at you,

I also suspect that there is some boilerplate nginx config floating around that tries to blacklist lynx (and I assume others) via user agent string.

snur-pele April 16, 2021 4:23 PM

403 here too…

I´d like to know who those other 19 are.
Could someone post the list?

Thanks in advance

Joe K April 16, 2021 5:06 PM

@snur-pele, below is list of names, followed by handles.

Twitter timelines should be located at

  1. Rafay Baloch
  2. Troy Hunt
  3. Kevin Mitnick
  4. Rachel Tobac
  5. Mikko Hyppönen
  6. Kate Moussouris
  7. Bruce Schneier
  8. Brian Krebs
  9. Jeremiah Grossman
  10. Eugene Kaspersky
  11. Dan Lohemann
  12. Steve Morgan
  13. Tyler Cohen Wood
  14. Graham Cluley
  15. Theresa Payton
  16. Shira Rubinoff
  17. Eva Galperin
  18. Marcus J. Carey
  19. Jayson E Street
  20. Paul Asadoorian
  21. Adam K. Levin

David Rudling April 16, 2021 5:08 PM

  1. Rafay Baloch
  2. Troy Hunt
  3. Kevin Mitnick
  4. Rachel Tobac
  5. Mikko Hyppönen
  6. Katie Moussouris
  7. Bruce Schneier
  8. Brian Krebs
  9. Jeremiah Grossman
  10. Eugene Kaspersky
  11. Dan Lohemann
  12. Steve Morgan
  13. Tyler Cohen Wood
  14. Graham Cluley
  15. Theresa Payton
  16. Shira Rubinoff
  17. Eva Galperin
  18. Marcus J. Carey
  19. Jayson E Street
  20. Paul Asadoorian
  21. Adam K. Levin

Etienne April 16, 2021 5:16 PM

My view is that all the flourescent haired unshaven cybersecurity experts are running and barking at the tires of cybercriminals and never catching up, let alone getting out front.

Back in my day the top tier pay was RF signals analysis, but I watched as computer hackers stole the NSA budget, and all they ever do is act as firemen, sifting through ashes with a rake.

A lot of their tools are released to the public, and they shrug their shoulders. Oh well…


snur-pele April 16, 2021 6:19 PM

@Joe K, @David Rudling
Much Obliged!

There are a few names unknown to me in that list.
It will be interesting to see if some of them do something not aimed at birdbrains as well!

(Food for thought: The 403 thing must mean the serving party admits to harvesting PII?
Or could it be that they just can´t bother to read up on GDPR?)


Clive Robinson April 16, 2021 8:06 PM

@ ALL,

I must admit I don’t “do twitter” and even if I did there are some on that list I would avoid for various reasons, and others I’ve never heard of (and I’m sure that’s reciprocated 😉

But then there are other lists, of recomended security people who “Twitter” to Follow. For instance this list is one[1],


Personally I’ve not looked at any of them apart from one. And that is only very occasionaly [2] and that was long before I ever saw either of the lists.

But even so you might want to have a look at,

Lesley Carhart @hacksforpancakes

I find her writings to be generally gentle on the eye, whilst being informative. Importantly she tries to give back and encorage people into the profession which is usually a good sign.

[1] It’s not a list by me, it’s one put together by someone in training docs made for,

[2] It’s only “occasionaly” because it’s only when using some other Internet connected device that belongs to someone else due to my “no cookies, no js” rules on my own geriatric semi-smart “track-me” device[3]

[3] Speaking of “track-me” devices, I’ve started looking around for a new one, as I realy can not expect this “old friend” to carry on as it’s never going to do 5G etc (but then I started saying that some time ago). As part of that search I found this bod,

Ignore the first self promotion bits and watch the rest it did make me smile in a wry sort of way.

lurker, the non-nym-stealing-bot one April 16, 2021 10:51 PM

Hypponen is a survivor from wayback, so he must be doing something right. Are Finns arrogant? No,they’re different. A forthright presentation style will keep people’s attention, even if it’s only to see what the heck he’s on about, some of the message gets through.

Weather April 17, 2021 1:24 AM

I looked at Hacksforpancakes it just look like friends sending txt message, she didn’t say much from what I could workout.

yabba dabba don't April 17, 2021 1:31 PM

Here is my list of cybersecurity experts worth paying attention (twitter or not) besides Bruce. The list is short.

Brian Kerbs
Johanna Rutkowska
Eva Gilperin

Most people in this field are just spewing nonsense or worse corporate backed shills but those four are people with the brains to back it up.

SpaceLifeForm April 17, 2021 3:22 PM

@ Weather

It is hacks4pancakes

Yes, I “follow” her. There are others not mentioned which I may list later.

mostly reading quietly April 17, 2021 4:07 PM

@ yabba dabba don’t

Rutkowska is good, VERY good, but what has that Galperin achieved? I mean, ever? Any rootkit research paper? Most time she tweets about her new haircut or new drink.

Yabba dabba don't April 17, 2021 4:23 PM

@Mostly reading quietly

Fair point and fair question. What I like about evacide is that she bridges the gap between the geek and the clueless. She well understands the real tradeoffs in most security and privacy equations and can make those tradeoffs accessible to the ordinary person on the street.

It easy to forget what its like to be a newbie or even a noob in this area of culture. Where she excels is at what I call “translation”. Taking the insights of others and helping people with only a casual interest in security understand them. Yes, your right, she doesn’t have any great research to her name or major contributions. Those aren’t the only metrics.

She’s relatable and smart. It’s an undervalued combination.

SpaceLifeForm April 17, 2021 5:55 PM

@ yabba dabba don’t, Fed.up, Clive

It is Krebs, not Kerbs, but I know you know that, and was just a typo.

Sometimes, he will be onto a story that I do not find important.

But, if you want to really know breaking news, you have to check them. A bunch of them, at least every couple of days or so.

Not all researchers are looking at the same issue.

Many will find an issue that others missed.

Same problem happens in IC.


SpaceLifeForm April 18, 2021 2:15 AM

@ sarahkendzior

Is top fav of mine. I could, if needed, walk to her house. Not a short walk, but it would be good exercise. Hours walk. I would do it for her.

She gets it. She sees the big picture.

I’ll curate my list later. There are others worth the “follow” in the big picture. Some may not really be that technical, but they see the security aspect.

Anders April 18, 2021 7:20 AM

I used to read some persons tweets in the past
however i do now it rarely when Javascript was
forced. Only if something important is pointed

In the past Twitter was wonderful information
source, but now it resembles FB – animated GIF’s
and videos everywhere, making page scrolling quite
tedious and slow, especially in remote cabin with
mobile internet. Gone is that original idea of 160
characters, analogous to SMS text message.

Is there any good gateway that lets access Twitter
from non-Javascript browser and strips away all those
GIF’s and videos and unicode smilies and gives just
text, good old text?

SpaceLifeForm April 18, 2021 10:30 PM

@ snur-pele, Anders

No, unfortunately. Threadreaderapp is a bot that only captures threads when someone on twitter requests the bot to save the thread.

She (Rachel Tobac) has tweeted since the last thread save. Yes, I “Follow” her.

So, you see that Threadreaderapp does not save all. It would be impossible due to bandwidth and storage requirements.

Anders, I too would like to avoid the graphics, unless they are important. I which they would not auto-open and auto-download, even if I have good bandwidth.

Those that constantly are tweeting with pics, I tend to stop paying attention to them even if they are tech people. I figure if they have some useful information, someone else will note it on their twitter account, so I will find out that way. You don’t have to “Follow” a lot of people, just the people that pay attention while they are doing the following. You follow the reliable followers. Let them filter out the noise.

There are people out there that actually follow over one thousand other accounts. I fail to see how that can truly be useful, unless most of them never tweet. April 19, 2021 7:57 AM

@snur-pele, Anders

Wasn’t it mentioned here before that twitter should be read via some instance of javascriptless, like

See list of instances (some may be defunct) at https://

Anders April 19, 2021 2:45 PM

Thanks, @SpaceLifeForm @snur-pele ( + @Clive)

I share here also one of my source. Nice text only, updated weekly.



SpaceLifeForm April 19, 2021 5:36 PM

@ Clive, ALL

Ads have always been a ‘Supply Chain Problem’

Toss in some malicious JS, (rowhammer.js), and Bob’s your Uncle.

Observed for 2 decades now.

You should all appreciate that this site is Ad-free.

There are some interesting comments that I want to investigate further. The ROFL helicopter that moves in the browser, and the color changing comment as a reply to the chopper. Very interesting.

Those two comments are on the first page of comments, so you can see them with below link.

Also, you may notice the link is telling you something,

SpaceLifeForm April 19, 2021 6:19 PM

@ Moderator, -, Winter, Clive, Weather, vas pup

Oops. It may appear I posted to the wrong article.

Did I?

Weather April 19, 2021 8:30 PM

No that is still you.
I just skim passed it, when wint posts it is a huge difference from the other.

SpaceLifeForm April 20, 2021 2:05 AM

@ matthew_d_green, Clive, ALL

Yes, another I “Follow”. A tad surprised not mentioned above.


Sometimes I wish I could time travel back to 1999 and steal credit for inventing all of today’s cool crypto results. The downside is they’d probably be too slow to run on a Pentium III 🙁

Matthew, that is called a ‘feature’. It is not a ‘bug’.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.