10 AppSec Twitter Accounts to Follow
Application security is rapidly growing in importance for businesses. Not only has security become front-of-mind for almost every company on the planet, but the ever-more agile pace of development cycles has increased the need for strong AppSec components. But, as AppSec grows more sophisticated, so does the complexity. There’s a ton to learn and consume when it comes to DevOps and AppSec.
So, where do you find important, in-the-moment news and learn about the largest industry trends?
On Twitter, of course!
Here are 10 AppSec (or DevSecOps) Twitter Accounts to Follow. These are the people who bring consistent value to their followers and keep in touch with the most critical industry happenings.
Kurt Baumgartner (@k_sec)
As the Principal Security Researcher for Kaspersky’s Global Research & Analysis Team, Kurt is knee-deep in AppSec. Not only is he responsible for research and reporting on threat actor patterns and activities, but he speaks at massive conferences and is a regular face in AppSec news interviews. Kurt’s Twitter account is a smorgasbord of security and DevOps issues mixed with regular commentary on the AppSec world at large.
Dan Cornell (@danielcornell)
Dan Cornell is the Chief Technology Officer at Denim Group — an AppSec company that works with Fortune 500 brands to refine security strategies and provide in-depth assessments. Dan has done it all. He was the CTO of BrandDefense, Vice President for Rare Medium’s Java and UNIX competency center, founder and VP at founder Atension, Inc., and he’s also the creator of ThreadFix — Denim’s DevOps AppSec tool. With an impressive resume of accomplishments, Dan is a regular speaker at OWASP AppSec USA, Blackhat Arsenal, and other massive AppSec conferences. His Twitter thread is a complication of industry happenings and niche AppSec threats. This is definitely a must-follow.
Mark Goodwin (@mr_goodwin)
As the Staff Security Engineer at Mozilla, Mark is deep in the trenches of WebAppSec. He’s a regular feature on the Mozilla security blog, and he has the privilege of dealing with some of the grimy, in-the-moment WebAppsSec issues before they hit the mainstream. His Twitter feed is alight with WebAppSec talk, and he regularly offers guidance on emerging threats. Think about how many people try to abuse Firefox? That’s what Mark has to deal with every day. Chances are, he’s encountered a good chunk of the biggest WebAppSec threats on the market. And he talks about plenty of them on his feed.
Ben Hawkes (@benhawkes)
Google’s Project Zero team is tasked with finding zero-day vulnerabilities. These are vulnerabilities that are unknown or unpatched and are actively abuse-ready. Ben Hawkes is a leader over at Project Zero. Ben is literally on the front-lines when it comes to AppSec. And his Twitter is absolutely drenched in AppSec news, information, guidance, support, and resources. This is a mecca of AppSec.
Mohit Kumar (@unix_root)
The Hacker News is one of the world’s most important AppSec blogs. It’s definitely not the biggest (that honor belongs to sites like ZDNet.) But it is typically one of the first blogs to break news on new threats. If there’s a new CVE vulnerability impacting users, The Hacker News and it’s founder Mohit Kumar are probably already tweeting about it. Following Mohit Kumar is like having a compilation of hacking “Greatest Hits” in your feed. He’s constantly tracking and announcing vulnerabilities (from big to small), and he’s involved in the community as a whole.
Chris Romeo (@edgeroute)
Founder of Security Journey, Chris Romeo is tasked with helping brands built security cultures and bake AppSec into IT frameworks. So, it only makes sense that Chris’s account is involved in the AppSec space. Whether or not it’s simply an extension of his job, Chris’s Twitter feed is dripping with juicy AppSec knowledge. This account also dives into DevOps a little, but the primary focus is on security.
Parisa Tabriz (@laparisa)
As Google’s self-dubbed “Security Princess,” Parisa Tabriz is a director of engineering at Google, and she oversees security for Chrome as well as Project Zero. Imagine being tasked with hunting down zero-day vulnerabilities while dealing with the day-to-day of Chrome security. That’s not an easy job. Given the nature of her work, Parisa’s Twitter feed is naturally security-related. From announcing and discussing zero-day vulnerabilities to showcasing research and new info on AppSec issues, Parisa Tabriz is possibly the most follow-worthy account on this list. And that’s not an easy feat.
Kelsey Hightower (@kelseyhightower)
From solving problems over on Google’s Google Cloud team to preaching his cloud-native gospel, Kelsey Hightower is one of the most prominent cloud-first influencers on the planet. Kelsey is a regular feature on just about every cloud-related podcast on the planet, and he’s the keynote speaker at plenty of major events throughout the year. With over 80k followers, Kelsey is one of the rare tech advocates that has broken into the mainstream in a small way, though the majority of his followers tend to be tech-savvy. AppSec is enabled (and disabled) by the cloud, and Kelsey keeps his followers up-to-date on cloud happenings.
Troy Hunt (@troyhunt)
Troy Hunt is the Australian Microsoft Regional Director and Microsoft MVP for Dev Security. Troy is a regular feature in dev security news and podcasts, and he also sits in front of congress to talk about data breaches. When it comes to Twitter feeds, Troy has garnered an impressive following (over 100k). With tons of followers and security-rich content, Troy’s Twitter feed is a must-follow for AppSec and DevOps teams.
Jeff Atwood (@codinghorror)
As the founder of the coding blog Coding Horror — which is one of the most important and content-rich insider blogs in the programming space. Jeff’s involvement with security is indirect. And, he has plenty of programming content that certainly falls outside of the goalposts set up by AppSec and DevOps. That being said, when he writers an AppSec post, expect it to be mind-blowingly in-depth. From quote pulls and statistics to code diving, Jeff’s blog uncovers some of the most important (and most peculiar) AppSec stories.
Kiuwan delivers incredible AppSec capabilities that are ready to fit snugly into your DevSecOps pipeline. Ready to learn more? Contact us.