Figuring out the best way to navigate the cyber risk landscape, with the number of vulnerabilities growing every day, is a daunting task, to say the least. Last year, CVE Details, a free database of software vulnerabilities, found a total of 14,712 known vulnerabilities. Indeed, threat analysis and vulnerability remediation can cost organizations up to 320 hours in labor per week.
Fortunately, monitoring of the threat landscape by cyber risk professionals on social media is at its very best. Today we’re sharing our list of the top 10 cyber risk experts we follow religiously on Twitter; they are our favorite go-to people in the world of vulnerability remediation and cybersecurity.
Dr. Anton Chuvakin (@anton_chuvakin): Anton is a VP & Distinguished Analyst at Gartner with vast knowledge of log management, SIEM, and PCI DSS compliance. He is a former Director of PCI Compliance Solutions at Qualys; see a few of his pieces, including “Does Vulnerability Assessment Even Matter?” and “We Scan and We Patch, but We Don’t Do Vulnerability Management.”
Troy Hunt (@troyhunt): Troy is well known for his portal haveibeenpwned, which allows you to check if an online account has been compromised. A Pluralsight Information Security & Author, and Regional Director and MVP for Developer Security at Microsoft, Troy has traveled all over the world giving talks about cybersecurity. Most recently, Troy spoke at Infosecurity Europe 2018, where he presented on “Passwords, Authentication & Data Breaches in the Modern Era.”
Mikko Hypponen (@mikko): Mikko is CRO at cybersecurity firm F-Secure and is a prolific speaker and educator as well as a cyber risk professional. His keynote speech at Hack Talks last year was called “Data Is The New Oil - The Internet revolution already started years ago and it isn't over yet.” Mikko was on the FP Global 100 Thinkers list for 2011 and continues to be viewed as an innovative thinker and a person to watch in cybersecurity.
Caleb Barlow (@calebbarlow): Caleb is Vice President of Threat Intelligence at IBM and a well-known advisor on cybersecurity. Check out his TED Talk on “Where is Cybersecurity Really Coming From,” his podcasts, and his latest article “Science Channel: Inside X-Force Command.”
John Kindervag (@Kindervag): John has been a veteran of high tech for 25 years now. Famous for his ideas on Zero Trust in cybersecurity, he is currently the Field CTO for Palo Alto Networks and is a Principal Analyst at Forrester. Check out his recent post “Clarifying What Zero Trust Is - and Is Not.”
Marion Marschalek (@pinkflawd): An engineer and experienced security researcher looking at low-level security for Intel, Marion is known for uncovering government malware and most recently identifying French government surveillance malware. She recently gave a keynote speech at HITBSecConf on “The Future, The Past, and … Wait, Where the Hell are We Now?”
Katie Moussouris (@k8em0): Katie is the Founder and CEO of Luta Security and is best known as a pioneer in the bug bounty and vulnerability disclosure arena. She has claimed that “... bug bounties MUST NOT exceed the price a developer or tester would make in salary. This is why those $250,000 bug bounties for side channel vulnerabilities are too high. We're damaging the defense pipeline w perverse incentives for bug hunters.” Watch Katie’s keynote at the O’Reilly Security conference last year, entitled “The Dao of Defense: Choosing Battles Based on the Seven Chakras of Security.”
Chris J Hodson (@ChrisHInfoSec): CISO at Zscaler, Chris blogs on CSOOnline under the title “CISO 2.0.” Chris is an advocate of education in the infosecurity sector and acts as a member of CompTIA's Cyber Security Committee. His latest blog post is “CISOs: What you can control – and what you can’t – in GDPR.”
Andy Ellis (@csoandy): Andy is CSO at Akamai. Specializing in information security, safety and risk management, Andy is the designer of Akamai’s TLS acceleration network and many of the company’s web security solutions. Check out his latest blog post, “Composing Defences,” on his website and a profile of Andy published in Forbes late last year.
Gianluca Varisco (@gvarisco): Formerly VP Security at Rocket Internet and Infrastructure Consul, Gianluca left the private sector for a number of years to serve on the Italian government’s Digital Transformation Team. In August, he announced that he’ll be leaving his position on the team to join Arduino as their CISO, bringing his years of experience to the popular open source hardware and software platform.
So there you have it: our top 10 list. We are positive that security managers keeping on top of the cybersecurity landscape will have others they recommend as well. Let us know who you are following and why. There are many folks out there worth following, and the number will certainly keep growing.