16 CISOs and Security Leaders You Should be Following on Twitter

A few months ago we published an article, ‘21 AppSec & Security Gurus You Should Be Following on Twitter,’ and even we were surprised by the buzz it created. It seems we had struck a chord with our readers, who are apparently pining for new security people to follow on Twitter. So, to feed your hunger for ‘security twits’, we decided to double down and create a list of the best tweeters of security-related news and info by security leaders heading organizations – the CISOs and CSOs.

These security leaders have had years of experience both securing and leading, and have great insights, advice, and news to share with their followers. We’ve even created a handy Twitter list for you to follow and easily keep up with the CISOs recognized here.

What other CISOs and CSOs are great to follow? Leave your suggestions below and we’ll add them to our list on Twitter!

Alex Stamos, CISO at Yahoo @alexstamos

The Chief Info-Sec Officer of Yahoo since early 2014, Alex is changing the way they do security at one of the oldest internet companies. His initiatives at Yahoo have included creating an encrypted email system in partnership with Google and recently challenging the NSA over its encryption demands.

In the past, Alex helped co-found iSEC Partners and in his previous position helped oversee the .secure domain namespace. Alex regularly speaks at security conferences including Def Con and Black Hat and helped organize last year’s TrustyCon.

You’ll find him tweeting about and retweeting lots of security and privacy related news and issues along with a mix of tech-related, humorous tweets.

Martin Fisher, Director of Information Security at Northside Hospital @ArmorGuy

Martin is one of the charismatic co-hosts of the popular Southern Fried Security Podcast, a weekly conversation with fellow security experts Steve Ragan, Andy Willingham, Yvette Johnson along with guests on “information security, leadership, and management (more or less).” In his day job, however, Martin is the Director of Information Security at Northside Hospital in Atlanta.

Between quips on security and non-security news, Martin offers insights into upcoming podcast plans as well as tip-style tweets.

Zane Lackey, Founder/CSO at Signal Sciences @zanelackey

Zane, who is the founder and Chief Security Officer at SaaS solutions provider Signal Sciences, was formerly Director of Security Engineering at Etsy and a Senior Security Consultant at iSEC Partners.

In addition to sitting on the advisory boards of the Internet Bug Bounty program and the Open-Technology Fund backed by the US State Department, Zane is a frequent speaker at security and technology conferences (DefCon, SANS, OWASP and RSA to name a few) and is often quoted in InfoSec-related articles. If that wasn’t impressive enough, Zane was also a contributing author of the popular books Mobile Application Security and Hacking Exposed: Web 2.0. During his time at Etsy, he presented this fantastic Effective Approaches to Web Application Security slide-deck.

On Twitter, Zane is like the most interesting man in the world: He may not tweet all the time, but when he does, he tweets and retweets like a boss. Follow Zane for great, security-related content from him and his security thought-leading peers.

Andy Ellis, CSO at Akamai @CSOAndy

Andy is well-known in the security industry, and after reading an interview with him, it is clear to see why: The man knows his InfoSec. As the Chief Security Officer at Akamai, Andy is charged with overseeing the organization’s security architecture and compliance activities.

He’s moved up the ranks since joining the company as a Senior Security Engineer in 2000, so it’s obvious Andy knows what he’s talking – and tweeting – about. He designed and patented the Akamai SSL acceleration network along with other vital technologies housed under Akamai’s Kona Security Solutions. Andy is also highly involved in internet privacy issues, and you can follow his journey on his blog,

You’ll find Andy tweeting about a range of topics including lots of InfoSec and privacy news and tips, and personal tweets about his Boston hometown and favorite sports teams.

Michael Coates, Trust & Information Security Officer at Twitter @_mwc

Michael just announced in January that he would be heading Twitter’s security team, so while being a Security Officer is a new gig, he’s far from new to InfoSec. He’s been on the security teams at Mozilla and Shape Security prior to Twitter, and was OWASP’s chairman of the board for the past three years, where he also created and launched the AppSensor Project.

Michael’s timeline is a wealth of his short commentary on the latest security updates and news, as well as info for OWASP events (both local to San Francisco as well as national).

Michael was also on our 21 AppSec Gurus you should be following on Twitter list, so this is a reminder that if you’re not following him, you definitely should be!

Myrna Soto, CISO at Comcast, @Myrna_Soto

Myrna has extensive experience behind her in various IT and security positions at major companies including MGM Resorts, American Express, and Royal Caribbean Cruise Lines. With over 20 years in security, Myrna brings much wisdom to her work – as well as her Twitter account.

The recipient of no less than four awards honoring her current CISO work, Myrna is responsible for the entire enterprise and infrastructure security strategy at Comcast, in addition to protecting all customer data and ensuring compliance.

Follow Myrna for a healthy dose of tips for fellow CISOs and women in the security field, and stay around for pictures of mouth-watering food and wine!

Jake Kouns, CISO at Risk Based Security, @jkouns

As co-founder and president of the Open Security Foundation, Jake plays a major part in helping run the Open Source Vulnerability Database (OSVDB) that the InfoSec community relies on. In addition to that role, Jake also happens to be the Director of Security of Networks at Risk Based Security.

Jake is a regular at many major security conferences, including DefCon, RSA, CISO Executive Summits and more. He also co-authored the book on CISOs…literally: It’s called The Chief Information Security Officer, a guide on the changing technology and security landscape for the CISO. He even has a Wikipedia page, which makes him that much more worthy to be on this list.

Follow Jake for up-to-date security news and updates on recent events in the security industry.

Dave Kennedy AKA ReL1K, CEO of Trusted Security & Former CSO, @HackingDave

Now the CEO of the company he started, Trusted Sec, Dave is a former CSO of a Fortune 1000, former Marine, and continual pioneer in the InfoSec industry. Perhaps best known as the author of the famous Metasploit: The Penetration Tester’s Guide, Dave also helped found the Penetration Testing Execution Standard, the industry-leading standard for conducting pen-tests.

Dave is a regular at top security conferences like Black Hat, Def Con, BSides and DerbyCon, which he co-founded and continues to help run annually, and is often interviewed by mainstream media about security events.

Follow Dave for updates about the pen-testing tools and projects he’s a part of, InfoSec news, and his sentiments about hot security topics.

Nikk Gilbert, Managing Director & Former CISO @archangelnikk

Nikk is currently a managing director at Privacy & Risk Partners, a consultancy firm in the security landscape. Prior to his current stint, Nikk held respected positions as CSO for the CUNA Mutual Group and, in CISO and CIO positions, at the American Department of Defense and NATO. Nikk was awarded the Meritorious Civilian Service Medal and is a distinguished Ponemon fellow, so even though his current role isn’t CISO, you can believe Nikk knows what he’s talking about.

He’s always up to date on the most recent security news, so Nikk is a great person to follow if you’re looking for someone with info relevant to fellow security leaders.

Bruno Kerouanton, CISO of the Swiss Republic and Canton of Jura @kerouanton

As head of IT Security for the Republic and Canton of Jura in Switzerland, Bruno is faced with the challenges of securing the city’s infrastructure and applications.

Bruno is also part of the Swiss National Security Network, has twice been awarded the French CSO of the year award, in 2005 and 2010, and has been a teacher at the prestigious French engineering university Mines Nancy. On top of that, Bruno has spoken at various InfoSec conferences and served as a supervisor for ISC2’s CISSP exam. For a taste of Bruno’s approach to being a CISO, his presentation on the CISO’s evolution for a recent ISC2 event offers fantastic insights.

On Twitter, Bruno switches between sharing more technical security write-ups and POCs and more managerial security articles – and they are always interesting.

Phil Cracknell, CISO at Company85 @pcracknell

He calls himself the Dexter of the InfoSec world, which perhaps creates more questions than answers but offers an interesting take on his 25+ years in the InfoSec community. Phil is currently the Director of Security & Privacy Services as well as the Virtual CISO for Company85’s clients.

Prior to his current role, he was President of the ISSA UK, Head of Compliance for Skype, a former CISO for TNT Express and a regular speaker at international security conferences. Impressively, his first CISO role was in 1998, well before most organizations even knew what a CISO was!

Dan Lohrmann, CSO & Chief Strategist at Security Mentor @govcso

Dan is the chief strategist at Security Mentor, a security awareness training organization. He also had the opportunity of becoming the state of Michigan’s first Chief Security Officer, developing and implementing a security program for the entire state infrastructure. He’s also been involved in cybersecurity policy at the Federal level, advising top clients including the U.S. Department of Homeland Security, the FBI, and other federal agencies across the country. To top it all off, he was the first CISO in Michigan and the first enterprise-wide CISO in the government.

Follow Dan for his security reading recommendations, insights from Security Mentor’s research, and to join in his conversations on upcoming trends in security. For more than 140 characters at a time, Dan also keeps an active blog on the site.


Theresa Payton, President & CEO, Fortalice Solutions @FortaliceLLC

OK, Theresa may not have a CISO role on her resume, but with a CIO role at the White House and her current gig as President and CEO of a security, risk, and privacy company, we think she’d make an excellent CISO. Did we mention she was the first woman to hold the CIO role at the White House? Privacy and cybersecurity are her main professional interests, which she transitioned into after Senior VP positions at Bank of America and Wachovia, now Wells Fargo. She’s also authored two books on privacy, Privacy in the Age of Big Data and Protecting Your Online Identity.

She’s regularly interviewed in the media and helped start the Women in Information Science and Engineering (WISE) group in Charlotte, North Carolina. Follow Theresa for a constant stream of security and privacy related tweets.

Jared Carstensen, CISO at CRH @jaredcarstensen

With only one month under his belt in his new position, he’s a newbie to this list, but with over 15 years of experience in InfoSec, this South African deserves a place! Jared previously worked at Deloitte as a senior manager of enterprise risk services, where he co-authored the popular Cloud Computing: Assessing the Risks guide and is the chapter president of his ISC2 Dublin chapter.

His Twitter feed is filled with retweets from popular InfoSec organizations, thought-leaders and media sites about security news.

Darren Argyle, CISO at Markit @D_Argyle

Darren is officially a brand new CISO: He’s in his first few months at Markit, a financial services provider, but that’s not to say he’s new to being a leader in InfoSec. He was previously Symantec’s EMEA Head of InfoSec Practice Senior Director and an IT Security Executive at IBM before that. The Brit was also on the board of the Jericho Forum, an international thought-leadership association for Information Security.

Follow Darren for great security news, the latest InfoSec trends, and highlights from the many security conferences Darren attends and speaks at year-round.

Richard Rushing, CISO at Motorola Mobility @SecRich

Richard is the current CISO at Motorola Mobility, the company that has introduced the Moto X and Nexus 6 to the mobile market. In his over 25 years of experience, Richard worked steadily up the ladder, beginning with senior positions as Network Manager at Siemens and Security Architect at GE prior to taking CISO positions at AirDefense, which he also co-founded. With colleagues from Motorola, Richard also gave a talk at Black Hat 2010 on USB Hacker Interface Design.

On his Twitter feed, Richard offers lots of great articles in security and offers his own opinions about security events.

