The 5 Web Security Professionals To Follow On Twitter

Web security is a key area of concern for organisations across the globe; with reputation and trust at stake, a web security breach can be highly damaging to any brand. And it’s not just the smaller organisations at risk: a host of high-profile web breaches in the last 12 months demonstrates how companies of all sizes need to be vigilant against web attacks.

With web security at the forefront of our thoughts, HANDD has decided to compile a list of 5 of the best web security professionals to follow on Twitter. As leaders in the field, these guys know what they’re talking about, and so it’s always worth taking note of what they have to say. They often publish great tips, advice, suggestions and articles to help you ensure you are one step ahead of the hackers, spammers, and general tech criminals, and they all make for an essential and enjoyable follow!

1. Graham Cluley

Twitter: @gcluley Web:

Graham Cluley is a senior technology consultant at Sophos, and daily contributor at Naked Security, the award-winning IT security news, opinion, advice and research mag from Sophos.

The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of “Twitter user of the year” too. He was also named “Best Security Blogger” by the readers of SC Magazine in 2011.

A true computer security enthusiast, his articles are interesting, fun and of course security-centric!

2. Jeremiah Grossman

Twitter: @jeremiahg Web:

Jeremiah Grossman is a world-renowned expert on Internet security and the founder of WhiteHat Security (recently named one of “America’s 100 most promising companies”), where he oversees web security, R&D and industry evangelism. Named one of InfoWorld’s top 25 CTOs, Grossman is a Maui High graduate and “self-confessed” hacker who speaks at top universities and conferences worldwide.

As well as hitting his popular blog and following him on Twitter, check out his presentation ‘Hack Yourself First’ at last year’s TEDxMaui; it’s the public face of Jeremiah in a nutshell, and a great web security speech!

3. David Marcus

Twitter: @DaveMarcus Web:

We all know McAfee, and we should all know Dave Marcus!

Mr Marcus is the Chief Architect of the Advanced Research and Threat Intelligence arm at the McAfee Federal Advanced Programs Group. A serious job for a serious security professional.

An avid tweeter and blogger, it’s definitely worth following this guy for regular updates, news, stories and interesting articles on everything tech-security. Sometimes serious, sometimes fun – always worth a read!

4. Stewart Room

Twitter: @StewartRoom Web:

Stewart Room is a UK lawyer specialising in data protection, security, privacy & technology. A Partner at FFW, he is an FT Legal Innovator award winner and Director at Cyber Security Challenge UK, an organisation set up in response to the alarming decline of young UK residents entering IT careers, and with one aim – to find young, talented individuals who can become the new breed of Cyber Security professionals.

Stewart is a regular tweeter on all things IT security, and his popular blog at, with a regular emphasis on the politics, policies and legalities surrounding cyber security in the UK and beyond, is not to be missed for all those in the profession with an interest.

5. Andrew Hay

Twitter: @andrewsmhay Web:

Proudly announcing himself as ‘the man, the myth’, and with a mix of general good-time banter and professional information security opinion and debate, Andrew Hay, Director of Applied Security Research at Cloud Passage, is another industry professional twitter-holic not to be missed.

Banter aside, however, you shouldn’t take him lightly. Mr. Hay is a true industry veteran, with more than a decade of experience related to endpoint, network and security management across various product sectors, including – excuse the mouthful – security information and event management (SIEM); log management; deep packet inspection (DPI); security analytics; vulnerability management; penetration testing; intrusion detection and prevention (IDS/IPS); firewall; threat intelligence; application whitelisting; network and host forensics; incident response; and governance, risk and compliance (GRC), as well as a host of Professional and Board Memberships.

Andrew Hay has been there and done it all, and with all that experience to learn from you’d be slightly foolish (in our opinion) not to bookmark his blog and add him to your follow list!