Top 16 cloud security experts you should follow in 2023

Handpicked by our research team: The annual list of 16 thought leaders you need on your feed.


Cloud security isn't just about keeping up with change, it's about being part of the conversation. We've asked our talented cloud security researchers at Wiz to share with us, and you, who they look up to in the industry.

Here's who they think you should follow to stay sharp this year:

Anna McAbee

Amitai Cohen, our Attack Vector Intel Lead, recommends Anna McAbee, a Senior Solutions Architect, Security at Amazon Web Services (AWS). Anna excels in articulating complex AWS Security concepts through her blog posts and whitepapers on incident response in the cloud, and her regular engagement with the cloud security community is awesome.

Follow Anna on LinkedIn

Clint Gibler

Leading Wiz's research on networks, Danielle Aminov endorses Clint Gibler. As the head of Security Research at Semgrep and the creator of the 'tl;dr sec' newsletter, Clint provides pivotal contributions to the cloud security space through his original research and security insights.

Follow Clint on Twitter

Corey Quinn 

If you're interested in AWS news and insights, Rotem Lipowitch's pick, Corey Quinn, is the person to follow. Creator of "Last Week in AWS", Corey provides a keen and analytical lens on AWS's developments. His engaging podcast and his commentary on AWS updates make him an invaluable resource.

Follow Corey on Twitter

John Lambert

As Wiz's Threat Detection Lead, Itamar Gilad endorses John Lambert, one of Microsoft's leading security gurus. Known for his innovative and influential threat-hunting work, John brings a blend of deep expertise, industry insights, and a forward-thinking approach. His contributions in cyber threat identification and risk mitigation make him a valuable addition to your following list. In addition to his substantial contributions to the cybersecurity world, John also shares captivating photos from his nature excursions. His love for nature gives a refreshing and human touch to his profile, reminding us that there's life beyond the cloud!

Follow John on Twitter

Kelsey Hightower

Shay Berkovich, our Kubernetes expert, suggests Kelsey Hightower, a well-known Kubernetes and cloud pioneer and a co-founder of KubeCon. Kelsey describes themselves as a minimalist, advocating for the simplification of processes and removal of unnecessary complexities in cloud operations. A big part of their work nowadays revolves around increasing Kubernetes adoption by simplifying Kubernetes processes and making it "approachable". Kelsey has spoken at numerous conferences on container and Kubernetes security and open source, and has even published multiple books. Kelsey's tweets always get tons of attention, and it's really easy to understand why.

Follow Kelsey on Twitter

Bishop Fox

Specializing in app & net security, Oren Ofer recommends following the Bishop Fox account. While Bishop Fox is an organization, its collective insights on app & net security, especially on innovative projects on Linux/container hacking, make it a must-follow. Bishop Fox's hands-on approach and practical demonstrations are a valuable resource for anyone working in the same space.

Follow Bishop Fox on Twitter

Maddie Stone 

Our vulnerability intel researcher, Merav Bar, endorses Maddie Stone. Maddie’s comprehensive review of 0-days exploited in-the-wild in 2022, presented at Zer0Con 2023, offers deep insights into the latest in the field of cloud security. Her research approach and expertise are sure to enlighten your understanding of the industry.

Follow Maddie on Twitter

Ilya Epshteyn

Scott Piper, who helps customers secure their AWS environments, recommends following Ilya Epshteyn. Ilya works on the Identity team at AWS, and writes about how to use data perimeter concepts to create security guardrails for AWS environments.  The data perimeter labs he built are a great resource for a better understanding of how IAM works in combination with resource and network capabilities.

Follow Ilya on Twitter

Andy Nguyen

Nir Ohfeld, the researcher behind the Big IAM Challenge and one of the researchers behind vulnerabilities such as ChaosDB and OMIGOD, recommends following Andy Nguyen. His expertise offers valuable insights and updates on container and Linux security, making him a must-read for those interested in staying updated in these areas.

Follow Andy on Twitter

Karl Fosaaen 

Lior Sonntag, our lateral movement expert, endorses Karl Fosaaen. As VP of Research at NetSPI and an Azure Security expert, Karl delivers deep insights into Azure Security concepts, including exploiting misconfigurations, vulnerabilities and more. His posts and articles on Azure are valuable resources for an in-depth understanding of Azure security.

Follow Karl on Twitter

Nick Frichette 

Sagi Tzadik, the researcher behind ChaosDB, recommends following Nick Frichette for his creative and insightful content on cloud security. Nick's practical, hands-on approach is showcased in his creation 'Hacking the Cloud', an encyclopedia of tactics and techniques that offensive security professionals can use in cloud exploitation. His unique, hands-on approach to cloud security is not only enlightening but also incredibly valuable for professionals navigating the complexities of the field.

Follow Nick on Twitter

James Kettle 

Hillai Ben Sasson, the researcher who discovered the #BingBang attack vector in Azure Active Directory (AAD) that affected Microsoft’s Bing.com, recommends James Kettle. James is a web security expert who specializes in innovative attack techniques such as Request Smuggling and Cache Poisoning. He posts interesting research pieces in the field, as well as useful research tools and Burp extensions. He also posts educational content such as tutorials and demo labs that can be helpful for beginners. 

Follow James on Twitter

Chris Doman 

Avigayil Mechtinger, a cloud threat detection expert, highly recommends Chris Doman. Chris's tweets are a rich source of information on cloud forensics, a discipline that covers the collection, analysis, and interpretation of evidence found in the cloud for incident response investigations. His expertise in different aspects of cloud threats, coupled with his timely sharing of knowledge, makes him a must-follow for anyone wanting to stay on top of the latest trends in cloud forensics.

Follow Chris on Twitter

Mark Ermolov 

Barak Sharoni, our GenAI and attack vectors researcher, recommends Mark Ermolov, a researcher from PT Security. Mark has been publishing insightful and forward-thinking content about the Intel CPU, including management engine (ME) and microcode vulnerabilities, offering valuable insights for hardware security researchers. Throughout the years, he has successfully established his personal brand as a pioneer in the Intel realm of research.

Follow Mark on Twitter

Aidan W. Steele 

Shir Tamari, the Head of Research at Wiz, recommends Aidan W. Steele. Aidan has been a pioneering voice in the cloud-native security space for over five years, consistently proposing new approaches and solutions to complex security problems. His consistent delivery of quality content and innovative thought leadership sets him apart in the industry.

Follow Aidan on Twitter

Scott Piper 

Alon Schindel, our Director of Data & Threat Research, recommends Scott Piper, a cloud security historian known for his obsession with examining the geologic records of AWS SDK commits. In addition to this, Scott is a Threat Researcher at Wiz. He has developed tools such as flaws.cloud, CloudMapper, and Parliament. Furthermore, he is a founding member of the annual fwd:cloudsec conference.

Follow Scott on Twitter

In cloud security, it's all about staying in the loop. By following these experts, you're taking an important step to stay up-to-date, understand industry trends, and keep your organization safe. So grab a coffee, open up Twitter, and start exploring what these incredible thought leaders have to share. Happy learning!

To recap, here's our list of top cloud security voices you should follow in 2023:

  1. Anna McAbee

  2. Clint Gibler

  3. Corey Quinn

  4. John Lambert

  5. Kelsey Hightower

  6. Bishop Fox

  7. Maddie Stone

  8. Ilya Epshteyn

  9. Andy Nguyen

  10. Karl Fosaaen

  11. Nick Frichette

  12. James Kettle

  13. Chris Doman

  14. Mark Ermolov

  15. Aidan W. Steele

  16. Scott Piper

P.S. Got any recommendations of your own? We’d love to hear from you! Let us know by tagging us on Twitter: @wiz_io
