Twitter is an amazing wealth of ideas, opinions, and other resources. But with well over 300M users active on a monthly basis, Twitter can also be hard to navigate. There are so many people to follow and so little time to find the right ones.
When it comes to DevOps and Security, there are lots of great thinkers on the front lines of the union – and luckily for us, many are on Twitter. Whether you’re just starting out or are looking for new ways to integrate security within DevOps (and vice versa), Twitter is a great place to seek out info and be a part of the discussions.
Here are the 15 DevOps and Security experts you should be following on Twitter. Some are more DevOps oriented while others tweet more about security stuff. All are worth a follow for those coming from either background. Want to follow the whole list of them? We’ve created one for you here.
Have any other DevOps and Security experts who should be included? Let us know and we’ll add them to our Twitter list!
1. Gene Kim @RealGeneKim
Gene is one of the original ‘DevOps’ guys, having researched lean companies using various DevOps and agile methodologies since 1999. Together with his work in security, including helping develop the open source Tripwire tool and later opening the company of the same name, Gene is a DevOps-Security guru – and a must-follow on Twitter.
Gene tweets a mix of his own and others’ DevOps articles, presentations, ideas and inspiring quotes to keep you motivated and working towards a more collaborative and simplified approach to IT operations.
2. Joshua Corman @joshcorman
Co-founder of the Rugged Software movement, as well as I Am The Cavalry, Josh is a huge proponent of the ‘rugged’ way of software development. Follow Josh for a great mix of relevant InfoSec and DevOps content and pointed discussions on current affairs in both realms (and of course how the two intersect).
3. Jez Humble @jezhumble
Jez is one of the original thought-leaders in the continuous delivery and DevOps community. He’s also authored two highly recommended books on the subject. His goal is to help organizations develop high-quality software quickly and reliably – something that is extended through his valuable conversations he starts and participates in on Twitter.
4. Zane Lackey @zanelackey
If you’ve ever heard or read anything about how Etsy’s development, operations and security teams run (hint: they’re really good at DevOps & security), then you should know that Zane Lackey (together with Nick Galbreath, who we’ll get to below) played a big part in making that happen from the security side. He’s since left Etsy to found and play the role of CSO at Signal Sciences and continues to give talks about the innovative things he’s a part of in the DevOps and Security areas.
Rich is the current Director of R&D at Duo Labs. His background in security has been mostly “breaking things,” making him acutely aware of the dangers within organizations, and also makes his a thought-leader in the future of security within the same enterprises. In short, he’s someone to pay attention to, both on Twitter and in his talks at various DevOps and Security conferences.
Follow Rich as he presents his way around the world – and keep up with his travel stories as he does so!
6. Alison Gianotto, AKA Snipe @snipeyhead
Spending the last two decades plus in IT and software development, Alison, better known as Snipe, is an outspoken advocate in both the InfoSec and DevOps communities. She built an open-source IT asset management tool, Snipe IT, and, though not totally related, created an amazing Chrome plugin that changes clickbait-y titles to tell you what they actually are.
Not only is Snipe a prolific writer on her blog and around the web, she’s also a prolific tweeter. Follow Snipe for a hilarious stream of tweets about an array of interesting topics – including (but definitely not limited to) DevOps and security. And, before you do follow her, make sure you read her own disclosure so that you know what you’re getting into!
James is a big personality in the security and DevOps arenas – something that’s obvious when you watch his engaging talks on the intersections of the two. Like Josh Corman, James has helped grow the Rugged Software movement, coining the term Rugged DevOps, and even contributed an open source continuous security testing tool, GauntIt, to the community.
Follow James for a solid dose of discussion on the intersection of security and DevOps, and make sure to check out his presentations on the subject.
8. Andrew Storms @st0rmz
As a former senior director for both DevOps and Security Operations in different companies, it’s safe to say Andrew knows his stuff about both DevOps and Security. Now the VP of Security Services at New Context, Andrew continues to integrate DevOps and Security, writing about his experiences on the DevOps.com blog. He’s also given talks at conferences including RSA on the topic.
Follow Andrew for a steady stream of valuable security articles as well as content about the meeting point of DevOps and Security.
9. Patrick Debois @patrickdebois
A founder of DevOpsDays, Patrick has played a big part in the DevOps movement from its start – He’s even the father of the term! He also helped write the DevOps Cookbook with Gene Kim, Jez Humble, and others, which pretty much seals him in as a DevOps all-star. Make sure to follow him on Twitter and on his blog for his thoughts on the state of DevOps and IT along with plenty of witty comments on his work.
10. Laura Bell @lady_nerd
Laura’s a speaker, AppSec trainer and former developer who “specializes in bringing security survival skills, practices and culture into organizations.” Her company, SafeStack, is helping organizations bring application security processes into their agile development processes for a smoother transition to continuous security. Follow Laura for a mix of security and agile related content along with funny and relatable comments on life in tech.
11. Matt Konda @mkonda
Matt’s an agile developer with a focus on security – and a fantastic speaker and presenter on his experiences. In recent years, he began his own consulting company helping organizations develop software securely. Follow Matt for info on OWASP projects (he’s a global board member), hilarious retweets about both security and DevOps and valuable articles and presentations from others in the landscape.
12. Alan Shimel @ashimmy
Founder, CEO and Editor-in-Chief of the DevOps.com site as well as a partner of The CISO Group, we can add Alan to the list of those that can check both DevOps and security boxes. He’s a prolific writer on both subjects, as well, both in his Network World column and on DevOps.com. Follow Alan for an array of DevOpSec content from around the web.
13. Gareth Rushgrove @garethr
As an engineer at Puppet Labs, Gareth is at the forefront of the DevOps movement. He’s also got a good amount of security experience under his belt, including the release of a security test suite called Prodder and a pentesting playground suite. He writes frequently about Puppet, InfoSec, and automation on his blog, and gives talks on all three topics at conferences in the UK, where he’s based, and elsewhere.
Gareth shares tons of DevOps and security content in his Twitter stream, both articles written by him and by other thought-leaders in the landscape. And if you’re not already subscribed to his DevOps Weekly newsletter, now is the time!
14. Justin Collins @presidentbeef
Justin built Brakeman, an open source static code analysis tool (we’ve previously written about it here), and that’s already a great reason to follow him. The Ruby on Rails tool is used by the likes of Twitter and GitHub, and even if you don’t use the tool, Justin offers a lot of great advice for those doing continuous integration security and retweets plenty of interesting and relevant InfoSec content.
15. Damon Edwards @damonedwards
Co-founder of Rundeck, Damon is a big proponent of the DevOps movement, and does a great deal to advocate it to organizations that would benefit from a leaner approach. He’s helped organize the first DevOpsDays and is now a founder and managing partner at DTO Solutions, which offers DevOps and IT Operations consultancy. He also writes on the Dev2Ops.org site, and often speaks on the agile approach at conferences around the world.
Damon offers a great deal of wisdom from his peers and himself, including DevOps Cafe interviews with thought-leaders.
16. Laksh Raghavan @
Laksh is the Senior Security Strategist at PayPal where he specializes in Application Security. With over fifteen years of experience in the field of application security and information risk management, Laksh is an experienced speaker with shows from RSA to Microsoft Development conferences under his belt. Laksh is new to Twitter, and we are looking forward to learning more from him as he tweets on!
17. DJ Schleen @
The current Information Security Advisor at Aetna, DJ is also an ethical hacker at Red Team, security junkie, and DevSecOps idealist. His Twitter is filled with the latest from the DevOops and security testing worlds, along with coverage of DevOps events.
18. George V. Hulme @
George is an award winning writer and tech journalist who frequently reports on the DevOps world. He has been in the game for over 20 years, and his work has appeared in dozens of known technology publications. Today, George freelances as well as is the security blogger at InformationWeek.com. You can keep up with his work, along with many articles in the DevOps and InfoSec scenes, by following him on Twitter.
19. John Willis @
John has worked in IT for over 35 years and is currently the Director of Ecosystem Development at Docker. Additionally, John is part of the DevOps Cafe podcast duo,is a popular blogger and regular DevOps speaker. Follow John on Twitter for a dose of DevOps (among other topics) and check out his GitHub Gist to view his work.
Sign up today & never miss an update from the Checkmarx blog
Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.
Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.