The incident response industry is anything but static, and it is often said that the key to staying ahead is staying informed. But that’s easier said than done. Faced with the increasing sophistication of cyber attacks and the growing complexity of IT architectures, we often drown in our daily slew of tickets and alerts, with no time left to spare.
So what can a busy incident response professional do to stay ahead of the curve? Fortunately, there are some brilliant incident response experts whose findings and advice you can leverage to your advantage. That is why we’ve created a list of our 11 favorite incident response experts to follow so that you can stay informed on the latest developments in the industry.
Katie Moussouris is a renowned ethical hacker and authority on vulnerability disclosure and bug bounties. Previously a member of Atstake, she created the bug bounty programs at Microsoft as well as the U.S. Department of Defense. She is the founder and CEO of Luta Security, a company that specializes in bridging the gap between businesses, governments, and hackers.
Adrian Sanabria is the Co-founder of Savage Security, an applied research firm on a mission to improve the state of security and defensive posture globally. He is an outspoken and brilliant researcher who has spent the last 13 years defending large financial organizations, building intricate security programs, and performing penetration tests.
While Adrian’s expertise lies in hands-on PCI and pentesting, he also has a solid understanding of the business side of the industry after working as a research analyst at 451 Research. Suffice it to say that Adrian’s well-maintained blog and Twitter account are definitely worth following.
When it comes to the top cyber security experts lists, Graham Cluley almost always makes the cut. And for good reason: Graham is an award-winning writer, admired keynote speaker, and world-renowned cyber security professional with over 20 years of experience.
Nowadays, Graham is an independent security analyst who regularly makes media appearances and gives talks at top industry events and conferences. He also runs an award-winning computer security blog and hosts a top-notch @SmashinSecurity podcast.
Robert is THE expert when it comes to industrial control system networks. He is well-known for his analysis of the 2015 attack on the Ukraine power grid; a high-profile attack that was the first of its kind. He currently runs his own industrial cyber security company Dragos, Inc. that specializes in IoT and industrial systems security. Over the course of his career, Robert has worked offense, defense, and intelligence in various government and private sector teams. A passionate educator, Robert is also a course instructor working with the SANS Institute.
Erno Doorenspleet is a Global Executive Security Advisor and Security CTO at IBM Netherlands. Erno has over 20 years of industry experience. He is a much sought-after international speaker covering the intersection of cyber security, IT, cloud computing, and IoT.
Matthew Dunwoody is the Principal Applied Security Researcher at FireEye, and frequently contributes to the company blog. As an integral part of the Advanced Practices Detection and Analysis Integration team, he often publishes his research on attacker techniques, innovative detection evasions, prototyping and testing detection, and analysis tools. Matthew is also very active on Twitter, where he shares the latest news and updates from his team.
7. Jack Crook
Jack is the Principal Incident Responder for General Electric, and a highly coveted speaker who specializes in threat hunting and adversary behavior. He writes the influential blog DFIR and Threat Hunting in which he discusses methods and techniques he uses in his day-to-day work. Follow Jack for hands-on guides and breakdowns of his threat-hunting techniques and methods.
Alan Orlikoski is a Security Engineer at Square Inc who specializes in digital forensics and incident response. Alan has an extensive background in computer forensics, having led some of the largest incident response programs in both the public and private sectors. He is an expert in everything malware, computer forensics, threat actors’ tactics, techniques, and procedures. Alan is frequently invited to speak at global industry events, and is very active on Twitter.
9. Ed Skoudis
Ed is a highly respected pentesting and incident response expert. He is consistently brought in by top enterprises and government agencies to provide after-attack analysis on major breaches, especially where sensitive financial data has been compromised.
As a SANS Faculty Fellow, Ed has taught cyber incident response and advanced penetration testing techniques to over 14,000 (and counting) cyber security professionals. He is also the creator of NetWars CyberCity, the notorious cyber-simulators used by both private and public sectors to provide continuous development and evaluation to their cyber teams.
10. Tavis Ormandy
Tavis Ormandy is a well-known white hat hacker turned Google employee. His career as an ethical hacker is truly impressive; Tavis is credited with discovering severe vulnerabilities in Libtiff, Sophos' antivirus software, Trend Micro, Symantec, Cloudflare and Microsoft Windows, to name just a few. He is currently a vulnerability researcher at Google’s Project Zero team. Follow him for cutting edge updates on threat research, incident response, and a little bit of humor.
11. Nick Carr
Nick Carr leads the research and discovery team at FireEye. Nick is a front-line incident responder who routinely leads significant cyber espionage and digital crime investigations. In addition to his technical expertise in computer forensics and adversary pursuit, Nick is a trusted advisor who guides enterprise and government executives through high-stake critical events. Nick often publishes his research on the company website, and can also be found on Twitter.
Engaging the Incident Response Community
As an incident responder, you have your hands full. That is why community matters; by following and engaging with the top experts in the field you can stay informed on the latest trends, tactics, developments, and TPPs. If you learn something from these professionals, make sure to thank them, retweet and share what you have learned with others in the community.
Did we miss your favorite expert? Let us know and we’ll update our list.