The Security experts I follow on Twitter

My primary interests are cloud, social media, and security. Anything related to information, web, data, and computer security attracts my attention. So I spent a lot of time trying to find out what security experts research and are interested in, and I compiled my own list of security experts. I watch their tweets daily and learn what they blog and talk about. It is a public list and you are free to follow it (@fangfeng88/security). Here are the top 30 in the list (format is “name | @handle: blog site | job”):

Bruce Schneier | @schneierblog: | the Chief Security Technology Officer of BT.

Graham Cluley | @gcluley: | Senior Technology Consultant at Sophos

Mikko Hypponen | @mikko: | F-Secure Chief Research Officer

Eugene Kaspersky | @e_kaspersky: | Chairman and CEO, Kaspersky Lab;

Luis Corrons | @Luis_Corrons: PandaLabs Technical Director –  Spokesperson

Christien Rioux | @dildog: | Chief Scientist & Co-founder of Veracode

Kevin Mitnick | @kevinmitnick: | CEO, Mitnick Security Consulting LLC

Sean-Paul Correll | @lithium: | Threat Researcher at Panda Security and Founder of Malware Database.

Dave Marcus | @davemarcus: Director of security research at McAfee Labs

E J Hilbert | @ejhilbert: | Managing Director at Kroll Cyber Security and Information Assurance

Stewart Room | @StewartRoom: | London-based lawyer practising in privacy, data protection and data security law.

Josh Corman | @joshcorman: | Co-Founder of Rugged Software

Mike Dahn | @mikd: | Director of Threat and Vulnerability Management at PricewaterhouseCoopers

Aaron Portnoy | @aaronportnoy: | Manager of the Security Research Team at TippingPoint Technologies

Rafal Los | @Wh1t3Rabbit: | Chief Security Evangelist at HP Software

Bill Brenner | @billbrenner70: | Managing Editor at CSOonline and CSO magazine, part of CXO Media and IDG Enterprise

Richard Bejtlich | @taosecurity: | Chief Security Officer at Mandiant

Gene Kim | @realgenekim: | Founder and former CTO of Tripwire, Inc

Alex Hutton | @alexhutton: | Director of Operational Risk at Verizon

Anton Chuvakin | @anton_chuvakin:  | Research Director at Gartner

Adam Ely | @adamely: | CISO of Heroku at

Brian Krebs | @briankrebs: | computer, internet security journalist

Christofer Hoff | @beaker: | Chief Security Officer at Juniper

George Hulme | @georegvhulme:  | Business & Technology Journalist

Martin McKeay | @mckeay: | Security Evangelist at Akamai

Eric Jacksch | @EricJacksch: | Ottawa-based security professional

Dan Mintz | @technogeezer: | Chief Operating Officer at Powertek Corporation

Nick Selby | @nselby: | CEO and co-founder of Cambridge Infosec Associates, Inc

Kenneth Smith | @ken5m1th: | Senior information security solution architect, GreenPages Technology Solutions

Thomas Wilhelm | @thomas_wilhelm: | the “Hacker Junkie”

Dave Lewis | @gattaca: | | security practitioner

I listed the top 30 names, but the Twitter list “security” contains more than 200 names, many of whom are well-known security experts.


Gregory D Evans: the Hacker

Gregory D Evans is famous. He has appeared on TV shows, on university platforms, and as a keynote speaker at security conferences. He’s an example of a soul coming back from the dark side. According to his own web site,

He reminds me of Skywalker from Star Wars. I kept comparing him with Anakin, the young Skywalker. Without a doubt, both Evans and Skywalker were extremely talented. At a young age, they were able to master highly difficult skills in their own fields.

Anakin became the best of the Jedi though he was trained relatively late. He fought hard alongside his masters against the dark force, and won the love and blessing of Padmé Amidala. However, he gradually became more and more obsessed with hatred and revenge, and personal feelings overcame his duty as a Jedi. Supreme Chancellor Palpatine took advantage of this; Anakin eventually became his tool to take down the Jedi temple, fell completely to the dark side, and transformed into Darth Vader.

Gregory started his hacking career in 7th grade. He broke into the school system to change fellow students’ grades for money. He stole money from banks, millions of dollars. He was the self-claimed “World’s No. 1 hacker”, and had been arrested by the FBI and law enforcement and convicted as a felon. It’s reported that he was charged to owe millions for his felony. He was also accused of plagiarism, fraud and unethical practices in the security industry. Many don’t believe he is who he claimed to be.

He has since turned around and now helps the FBI try to catch the bad guys, educates the public about cyber threats, and gives speeches about the importance of cyber security. He’s the founder and CEO of security firm LIGATT,

Whether or not he is what he was accused of being can be investigated and discussed. I don’t want to be judgemental here. What I want to say is that even if you have been convicted in the past, you are still welcome to be on the right side of the fight. Your hacking knowledge may be invaluable. Continuing to do unethical hacking for personal gain will likely be considered a threat to national security. Although you may say you are not a bad guy, real bad guys or even nation-sponsored terrorists could take advantage of the murky water to cause real damage or massive loss of life, like a 9/11 type of attack.

Now is a critical time for security experts to form a strong alliance with former and current hackers who are willing to participate in a constructive dialog, to create a strong defense to protect the nation and the Internet. Otherwise, we may really lose the war against cyber terrorists and hostile nations.