
“An Entrepreneurial Dynamic Duo”

Perimeter 81 has won a Gold Stevie® Award in the Founding Team of the Year category in The 18th Annual International Business Awards® (IBAs). According to the IBA judges, company co-founders, Amit Bareket and Sagi Gidali, are an “entrepreneurial dynamic duo” delivering a “masterclass in business development.”

The International Business Awards are the world’s premier business awards program. The 2021 IBAs received entries from organizations in 63 nations and territories. Due to the ongoing COVID-19 crisis, the traditional gala IBA banquet honoring the winners will be celebrated during a virtual ceremony on Wednesday, December 8, 2021.

In giving the Gold Award to Perimeter 81, the judges also cited the company’s “cutting-edge technology” and its ability to help transition businesses “from outdated, expensive hardware to a simplified cloud-based SaaS solution for the modern and remote workforce. A lot of hard work went into this and the perseverance paid off for this company. It’s an excellent success story worth emulating. The future is bright.”

Hypergrowth During Covid

“We’re excited that the founding story of our rapidly growing company resonated with the judges,” said Amit Bareket, CEO and Co-Founder of Perimeter 81. “We have poured our energy into the dream of helping companies of all sizes deliver secure access to their on-premise and cloud-based network resources to geographically dispersed employees. While we did not expect COVID-19 and the seismic changes it caused—and continues to cause in the workplace—we were very fortunate to be at the right place at the right time. With the COVID-19 pandemic, we entered a period of hypergrowth, and were able to help thousands of businesses securely embrace the hybrid workplace, literally overnight.”

Perimeter 81 improves network visibility and delivers seamless onboarding and full integration with AWS, Azure, Google Cloud, Splunk, and other major cloud providers. Since its founding in 2018, Perimeter 81 has been selected for numerous other awards, including Deloitte’s Technology Fast 500, Gartner Cool Vendor recognition, the Red Herring Top 100, and more.

A Company Inflection Point 

“Some might say that my cofounder Amit and I are like an old married couple as we have been working together day and night for almost a decade,” says Sagi Gidali, CPO and Co-founder at Perimeter 81. “We have shared an office for the better part of 10 years, even as we have rapidly grown. This award comes at an inflection point in the company’s evolution. In the coming days, Amit will be moving to the USA to rapidly grow our already-established US presence.”  

Stevie Award winners were determined by 260 executives worldwide who judged more than 3,700 nominations from organizations of all sizes in a variety of categories, including Company of the Year, Marketing Campaign of the Year, Best New Product or Service of the Year, Startup of the Year, Corporate Social Responsibility Program of the Year, and more. The judging process took place from June through early August.

“What we’ve seen in this year’s IBA nominations is that organizations around the world, in every sector, have continued to innovate and succeed, despite the setbacks, obstacles, and tragedies of the ongoing Covid-19 pandemic,” said Stevie Awards president Maggie Gallagher.  “All of this year’s Stevie Award winners are to be applauded for their persistence and their resilience.”

Hamlet Circa 2021

If Hamlet were an IT Manager or CTO in 2021, there’s a 37% chance that his company would have had a serious cyber incident, whether from ransomware or phishing. He would bemoan the fate of his network, the company’s business, and maybe its customer data. And of course, he’d be faced with a huge question: “to pay, or not to pay.”

According to the anti-virus company Kaspersky, more than half (56%) of ransomware victims paid the ransom to recover their data. But for 17% of the victims, paying the ransom did not guarantee the return of the stolen data. Kaspersky recommends that ransomware victims do not pay the ransom as this only encourages cybercriminals to continue their nefarious work.

 

Why Organizations Still Pay Ransom

Many ransomware victims or their insurance companies still pay the ransom despite recommendations from cybersecurity companies and law enforcement. For the victims, paying the ransom is often the quickest—and cheapest—solution.

The May 2019 ransomware attack on the City of Baltimore, Maryland, is a case in point. On the advice of the FBI, the city did not pay the 13 Bitcoin ransom (about $100,000). However, the non-payment cost the city nearly $18 million in cleanup costs and lost revenues—or almost 180 times more.

But as the size of the ransoms grows, the cost parity is disappearing. As a result, cyber insurance coverage for ransom payments may be ending. AXA, one of Europe’s biggest insurers, announced that it would no longer cover ransom payments in its cyber insurance policies at the request of French justice and cybersecurity officials.

 

Decrypting the Mystery at Kaseya

While the supply chain ransomware attack on Kaseya and the $70 million ransom was a huge topic of discussion even outside of IT circles, some recent news regarding the ransomware attack has surprisingly received less attention to date. 

On July 22, 2021, Kaseya announced it had obtained a REvil ransomware decryptor “from a third party.” The company reports that the decryption tool is “100% effective” at decrypting files that were encrypted during the attack. Some have speculated that the company paid the ransom directly or through a third party, but Kaseya has vociferously denied this: 

“While each company must make its own decision on whether to pay the ransom, Kaseya decided after consultation with experts to not negotiate with the criminals who perpetrated this attack and we have not wavered from that commitment. As such, we are confirming in no uncertain terms that Kaseya did not pay a ransom – either directly or indirectly through a third party – to obtain the decryptor.”

So how did Kaseya get the decryptor? It’s possible that they received it from the US government, the Russian government, or someone in the REvil group who caved in to pressure from Putin. Or maybe one of Kaseya’s partners paid the ransom. It’s unlikely we’ll ever know. 

Phishing Strikes Close to Home

There are approximately three billion phishing emails each day. The odds are that you have recently received some or have some in your email spam folder right now. Fortunately, a good IT Manager will keep your office’s systems up to date. More importantly, you should know how to look for the signs of a phishing attempt, such as an unusual or misspelled email address. For example, in the email below, the sender was pinterest *at* suporrt.com. (Yes, that’s “support” with one “p” and two “r”s.)

This particular email is especially devious because it gives you links to reset your password or to enable two-factor authentication. In other words, doing the “right thing” is actually doing the wrong thing. Clicking on these links could install spyware, ransomware, or even lead to a hack of your company’s on-premises and cloud-based networking resources.

The Need for a Unified Cybersecurity Approach

The wave of attacks against high tech companies, municipalities, fashion retailers, and more proves that all organizations need to adopt a unified cybersecurity and networking approach such as the Secure Access Service Edge (SASE). One of its core features is a Secure Web Gateway (SWG) with URL filtering that can block suspicious links and prevent employees from opening them. Another feature, Device Posture Check (DPC), enhances network security by ensuring that employees can only connect to network resources using devices that comply with a company’s security policies. This prevents malicious access and cyberattacks by automatically denying access to insecure or unknown devices at login. Even when valid credentials are presented, a device that lacks a specific hidden file can be identified as using stolen credentials and denied access to networking resources.

 

Hybrid Work at Sydney’s Largest Sleep Disorder Clinic

The Meredith Respiratory and Sleep Centre is the largest sleep disorder clinic in Southern and Western Sydney, with four locations. They offer personalized sleep treatment and care with various sleep studies, oxygen studies, and wakefulness tests accompanied by a full range of expert advice and service.

Before Covid-19 hit Australia, Meredith was a hybrid workplace with about one-third of the staff working from home. Everyone could easily access the cloud-based Office 365 for email, but the on-premises electronic patient medical record system was accessed using the Remote Desktop Protocol (RDP) and a VPN.

RDP seemed like the logical choice to access the corporate network as it came standard with Windows and was easy to set up. More importantly, it was easy to use for non-techies who needed to enter an IP address and password. But RDP was just as easy for hackers.

 

Ransomware Becomes a Monthly Occurrence

“Because of the RDP, we were getting hacked every month,” says Omar Matter, IT Manager for Meredith Respiratory and Sleep Centres. “After detecting a ransomware attack, I would have to shut down the network for an hour and roll back our electronic records system using our offsite backups. Usually, we only lost an hour or two of data. But if it was a severe attack and I caught it relatively late, we could lose a full day of data.”

Omar was looking at Perimeter 81, but a high-speed VPN wasn’t yet a priority. That changed overnight when the hackers locked the company out of its accounting system.


Attacks Drop to Zero with Zero Trust

Omar worked from a backup to restart the accounting system and then rapidly deployed Perimeter 81’s Zero Trust access. After completing the initial setup within a few hours, Omar installed Perimeter 81 on the remote users’ laptops. 

“Right after we switched, ransomware attacks dropped to zero, without making life more difficult for the users. They found the desktop agent with Two-Factor Authentication very easy to use. More importantly, they reported that their connections to network resources at any of our offices were faster. The increased performance is from Perimeter 81’s Site-to-Site Interconnectivity and Split Tunneling features.”

 

Ready for COVID-19 or Anything Else

As a cloud-based solution, Perimeter 81 scales easily and lets you make very rapid changes to your network. For example, when COVID-19 hit Australia, Meredith quickly shifted all of its employees to remote work at no risk to the corporate network or its applications.

“Today, Perimeter 81 is an essential part of our IT strategy. In general, I don’t think Meredith could do business without it. It’s also made the network much more agile. Our ransomware issue was really a blessing in disguise. If we had gone through the Covid period without Perimeter 81, we would have been in a lot of trouble.”

 

The Big Zig-Zag to Permanent Hybrid

Hybrid Work Isn’t Going Away

If you’re not looking at the hybrid workplace as a permanent solution, it could be time to reconsider. Many Fortune 500 companies saw their hybrid work policies as a path to repopulating their offices, but they are now revising their plans.

Google was an early leader in remote work during the pandemic. In April 2021, they announced a plan to get people back to the office for two or three days a week, but after September 1, 2021, employees would need to apply formally to work remotely for more than 14 days a year. Around the same time, Amazon announced a similar return to the office: “Our plan is to return to an office-centric culture as our baseline. We believe it enables us to invent, collaborate, and learn together most effectively.”

The Ford Motor Company took a different approach from Google and Amazon. In March 2021, it announced a hybrid work-from-office (WFO) and work-from-home (WFH) plan for all non-place-dependent workers, giving up to 30,000 employees in North America the option to partially work from home forever and go to the office only as needed.

Zig-Zagging to a Post-COVID Workplace

It took just a month for Google to reconsider its back-to-office plan and opt for a hybrid workplace. In a company email, Google CEO Sundar Pichai wrote that they expect 60% of Googlers to come to the office for a “few days a week,” with 20% working in new office locations and 20% working from home. In addition, they will offer “work-from-anywhere weeks” in which Googlers can temporarily work from a location other than their main office.

Amazon, too, rethought its back-to-office policy and decided to offer Amazonians “a mix of working between the office and home” with three non-specific days in the office. VP-approved exceptions were also possible, but approved employees would receive only an “agile workspace” rather than a dedicated one.

Deloitte’s UK branch skipped the zig-zagging entirely and on June 18, 2021, announced that all of their 20,000 UK staff could indefinitely work from home (or wherever they want in the UK), even after COVID-19 restrictions are lifted. They are also considering whether staff can work abroad for a period.


What Were They Thinking?

The decision by Google, Amazon, and a few others to corral people back to the office was quite surprising considering that study after study revealed both the productivity of remote work and its popularity. A May 2020 McKinsey survey found that 41% of employees reported that they were more productive remotely than in the office. In its analysis of 2,000 tasks and 800 jobs in nine countries, McKinsey concluded that more than 20% of the workforce could work remotely 3-5 days a week as effectively as from an office.

But it wasn’t just McKinsey. Prudential’s Pulse of the American Worker Survey found that 87% preferred to work remotely at least once a week, and 68% said that the ideal workplace model was a hybrid model that included both WFH and WFO. 

More importantly, a May 2021 survey found that 39% of US adults would rather quit their jobs than go back to the office full-time, including 49% of Millennials and Gen-Zs—who comprise more than half the workforce.

How Much is Working From Home Worth?

Talk may be cheap, but employees place a significant monetary value on the new flexible workplace. Although working from home saves only an average of $5,000 in annual expenses, 64% prefer working from home or hybrid work over a $30,000 annual raise.

In a 1000-person survey by the anonymous professional network Blind, only three out of 45 leading companies had more respondents who chose the $30,000 raise over working from home: 53% at JPMorgan Chase, 56% at Cisco, and 58% at Qualcomm.

Getting Ready for the New Permanent Hybrid Workplace

As companies come to grips with the new permanent hybrid workplace, their IT infrastructure must be prepared—whether it’s on the cloud, on-premises, or a combination of both. The risks to networks from ransomware and other attacks by cybercriminals have multiplied as more of the workforce moves beyond the company’s internal network.

Companies may initially want to take the easy approach to remote networking by relying on Remote Desktop Services and the RDP protocol. But in that case, they could very likely find themselves the victims of ransomware attacks—like an Australian healthcare company that suffered from monthly attacks until they used Perimeter 81 to secure their remote access.   

A robust secure access solution does not necessarily require a significant investment in infrastructure. A cloud-based solution can be easily deployed and scaled by businesses of all sizes without the costs of hardware or the worry of software updates.

Secure Access Service Edge (SASE), a framework of solutions for secure access, enables network access through identity-driven permissions rather than locations. Access to data and other resources is strictly controlled based on relevant attributes, such as user and group identity, application access, and the data’s sensitivity. With SASE, remote employees no longer have to tunnel into the corporate network, only to exit and access cloud-based resources. Instead, they use the nearest public Wi-Fi or PoP connection to access a worldwide mesh of secure physical and cloud resources. 

It offers unified cloud management, zero-trust networking as a service, and firewall as a service to protect site-centric and cloud resources. Most importantly, SASE is also self-updating and ensures endpoint compliance, which will avoid the risks of working with outdated, insecure software.

As Josh Bersin, a leading HR consultant, notes, “We are not ‘going back’ to the office, we are ‘going forward’ to a new, hybrid work culture.” 

It’s time to get your network ready. 

Debunking SASE Myths & Highlighting Business Benefits

The world of cybersecurity is undergoing an incredible transformation birthed by the introduction of Secure Access Service Edge, more commonly known as “SASE”. The core of SASE is to offer a unified cybersecurity solution that caters to all the unique cloud and network security needs harbored by any company.

The arrival of SASE is already producing incredible benefits for organizations, businesses, and enterprises that are securing their networks or remote workforces with cutting-edge cloud technology. The term SASE was coined by Gartner in 2019 and by definition specializes in “simplifying WAN networking and security by delivering both, as-a-cloud-service directly to the source (user, device, office, edge location), rather than only the enterprise data center.”

But, when it comes to the realities of SASE, myths exist that can prevent organizations from tapping into its incredible power. Our Co-founder and CEO, Amit Bareket, spoke with Zeus Kerravala, Principal Analyst at ZK Research to debunk these myths in our most recent webinar.

“Don’t fear change. It will only hold your company back.”
– Zeus Kerravala, Principal Analyst, ZK Research



Myth #1: SASE should be deployed in one go

The incredible benefit of SASE is that it does not require a business or organization to deploy the services all at once. Companies can choose to begin with Zero Trust services for remote access, then scale upwards as needed. Not only is this a simpler setup process, but it is far more cost-effective for smaller and medium-sized operations. The shift to the cloud is fraught with potential for issues that prevent companies from maximizing security success; with SASE, greater flexibility exists when deploying solutions.

The power of SASE is now replacing traditional firewalls and networking, which sounds appealing but also frightening to business decision-makers. Where do they start? What about current hardware investments? Will this disrupt the bottom line? It is fair for businesses to be concerned over massive migrations to the cloud, eliminating the need for hardware that has already been invested in. The advantage of SASE is that it’s purely cloud-based and driven by software. This makes it exceptionally simple to integrate with existing infrastructure, allowing companies to slowly shift into the cloud from on-premise networking. 

When it comes to massive data migration, big lifts and shifts are intensive and disruptive to existing operations. Decision-makers should be focused on developing a migration strategy and plan when approaching the transition to the cloud from the current hardware infrastructure. Luckily, SASE licensing is flexible, giving decision-makers the chance to make a smaller investment to get started small with an option to scale for growth. 

Myth #2: SASE starts with SD-WAN

There is no single right answer to deploying the right security solution for a business. Before the arrival of COVID-19, decision-makers started with SD-WAN but were driven to SASE for its ease of deployment and its cost-effective nature. But today, many SD-WAN deployments are on hold as businesses are enabling SASE to secure their remote workforces. This is helping today’s businesses secure the return to work as companies get back to normal.

SD-WAN may be an excellent choice for some as it possesses a wide array of features, but it’s not always suitable for internet security and remote access. Traditionally, remote access agents and technology are too complex for the average user that simply needs to access corporate assets. It boils down to the specific needs of the company and reacting with the right solution for them. 

Ultimately, it’s up to the decision-maker to decide on what to deploy first and how. There is no right or wrong way to deploy SASE. The most important thing is to develop and follow the pre-determined migration strategy. 

Myth #3: SASE is a complicated security model

The preliminary steps of deploying a new network security solution are always a challenging feat. However, for SASE services, setup is simpler, faster, and future-proofed to guarantee seamless service management. Traditional network security solutions have never been regarded as simple. They relied on expensive equipment to control traffic, but that leaves many blind spots uncovered. SASE offers greater agility and options, which may seem complex at first. But it truly forces IT professionals and decision-makers to rethink their approach to cybersecurity.

While SASE is software-based and centralized to make it easy to use and control, its benefits are still largely unknown. For the uninitiated that are unsure how to navigate the world of SASE and cybersecurity, companies like Perimeter 81 are sherpas of change, helping to guide customers along their unique journey. This lets companies feel comfortable embracing the new paradigm shift and opening the door to SASE solutions.

Myth #4: SASE primarily secures corporate networks

Companies are now understanding that the future requires security beyond the perimeter of an office, to wherever employees are accessing resources. For example, a medium-sized company needs to tunnel data to a branch office, but with multiple firewalls in place, the complexity of configuring policies and managing access is a burden. As implementation and configuration become less complex, so too does the user experience when interacting with a cutting-edge network security platform. Difficult-to-decipher dashboards with complex wireframes have been replaced by a modernized user interface for the modern workforce. Once deployed, SASE is controlled with a centralized console to manage every component of the network security stack, simplifying future management and support.

Most companies, corporate or otherwise, are unaware of the exceptional benefits available to them via SASE security services because they make assumptions that evolved into modern myths. It’s important to break down these myths and clarify misconceptions to ensure that decision-makers can learn which solutions are right for them and why. The future of network security will go hand in hand with SASE, making today ideal for businesses to get started. 

Myth #5: SASE is only for enterprise

Traditionally, most small or medium-sized businesses may neglect SASE as it may appear exclusive to large corporate companies and enterprises. The distributed nature of enterprises makes them an ideal use case for SASE solutions, but industry experts believe all companies can benefit from its power and agility. Legacy solutions were also previously unavailable (and unaffordable) to most businesses, but today, these organizations can activate enterprise-grade SASE in the same fashion as setting up a new Office 365 account. This allows SASE to be commoditized, consumable security in the same way that we subscribe to apps and subscription services.

The prevalence of SASE has expanded the potential and the availability of cyber services to easily offer comprehensive security coverage. This can be applied to corporate banks with dozens of branches, or small businesses with only a few devices in a local area network.

Moreover, Secure Access Service Edge can be for any type of business or organization, ranging from healthcare startups to financial institutions. Smaller operations now have an opportunity to tap into previously unobtainable security services at a cost that is fair for any business budget.


With the rise of remote and hybrid work following COVID-19, IT teams are growing increasingly frustrated with the overload of security tools and products, more commonly known as tool sprawl. 

In fact, the average IT team is using between 10 and 30 security monitoring solutions for applications, network infrastructures, and cloud environments, according to a recent 451 Research survey. But there is a better and more effective way to combat tool sprawl.

SASE to the rescue! SASE or Secure Access Service Edge offers a unified solution to eliminate tool sprawl and allow IT teams to easily secure all of their organization’s valuable resources and users in an agile, cost-effective, and scalable way.

Our SASE for Superheroes infographic visualizes all of the major pain points IT and security teams face and why organizations are rapidly embracing SASE as part of their long-term security strategy plan.

[Infographic] SASE for Superheroes - Defending Your Perimeter and Beyond


SINET16 Innovator Award Winner

An “Innovative and Compelling” Cybersecurity Company

The Security Innovation Network (SINET) has selected Zero Trust Network Access and SASE leader Perimeter 81 as a 2021 SINET16 Innovator award winner. The award is given to the 16 most “innovative and compelling” companies addressing cybersecurity threats and vulnerabilities.

The 16 winners were selected from among 190 applicants from 18 countries. The applicants were evaluated in a series of two rounds by the SINET Judging Committee, comprised of 117 Fortune 500 CISOs, government and private industry Risk Executives, and the world’s leading venture capitalists and investment bankers.  

Affirmation of Hard Work and ZTNA and SASE Leadership

“Being named a SINET 16 Innovator is an affirmation of our hard work and the strength of our unique product vision,” says Amit Bareket, CEO and Co-Founder at Perimeter 81. “This honor comes at a very thrilling time at the company in which we are rapidly scaling and solidifying our position as a leader in Zero Trust Network Access (ZTNA) and the Secure Access Service Edge.” 

“The era of the classic hardware-based VPN for accessing the corporate network is over,” says Sagi Gidali, CPO and Co-Founder of Perimeter 81. “As we’ve seen in the news, network access in today’s hybrid workplace can only be truly secure through cloud-based Zero Trust Network Access and SASE solutions like Perimeter 81. The Internet has become the corporate network, and employees must be granted access to networking resources based on who they are and what they need to do—not where they are located.” 

Simplifying Cybersecurity for the Hybrid Workforce

Perimeter 81 simplifies cybersecurity and secure network access for the hybrid workforce by transforming multiple outdated, complex, hardware-based network security technologies into a single, easy-to-use, cloud-based security platform, including Zero Trust Network Access, Firewall as a Service, VPN as a Service, Device Posture Security and more. The company’s offering is designed to be easy to buy, quick to implement, and simple to use on a day-to-day basis, both for IT professionals and non-technical users of networking resources.

Perimeter 81 improves network visibility and delivers seamless onboarding and full integration with AWS, Azure, Google Cloud, Splunk, and other major cloud providers. Since its founding in 2018, Perimeter 81 has been selected for numerous other awards, including Forrester’s New Wave Leader for ZTNA, Deloitte’s Technology Fast 500, Gartner Cool Vendor recognition, the Red Herring Top 100, CRN Emerging Vendor, and more.

“I am excited to announce this year’s class of the SINET16 Innovators who are emerging as leaders in their field and paving the way for critical security advancements into multiple government agencies and industry sectors,” said Robert D. Rodriguez, Chairman of SINET. “We look forward to watching these companies continue to grow and help protect our national security and economic interests.”

Read more about Perimeter 81’s ZTNA leadership in The Forrester New Wave™ Zero Trust Network Access Report Q3/2021.


Intuitive and Modern ZTNA Management

Forrester has named Perimeter 81 as a Zero Trust Network Access leader and gave Perimeter 81 the highest marks possible in the nonweb and legacy apps, client support, product vision, and planned enhancements criteria.    

The leading technology consultancy found that “Perimeter 81’s ZTNA management is intuitive and modern. Its ability to handle nonweb applications like VoIP is a major differentiator in this field.” In addition, they noted that Perimeter 81 is “the best fit for smaller enterprises that need ZTNA as a service, quickly. [Its] self-service portal allows smaller organizations to sign up quickly and onboard dozens of applications in less than a month.”

In addition, the independent analyst also noted that “Perimeter 81 reference customers are among the most enthusiastic of those included in this evaluation. They extol the vendor relationship, support, and dedication to improving the product quickly.”

Validating Our Strategic Direction

“We are thrilled that Forrester has named Perimeter 81 a leader in Zero Trust Network Access,” says Amit Bareket, CEO and Co-Founder at Perimeter 81. “This recognition validates for us our strategic direction for enabling secure network access in the hybrid workplace. There is one company network called the Internet, and employees need to access networking resources based on who they are and what they need to do—not where they are located.”

The Forrester New Wave™ report is Forrester’s evaluation of top products in an emerging technology market. In the report, Forrester assesses these products’ core capabilities and strategies and enables companies to make well-informed decisions without spending months conducting their own research.

For the New Wave™ Zero Trust Network Access Report Q3 2021, Forrester examined the 15 most significant vendors in this category.


 

Recent Breaches Show Need for Secure Access

“The downside of flexible, hybrid work is that it has increased the attack surface of every company,” says Sagi Gidali, CPO and Co-Founder of Perimeter 81. “The recent wave of data breaches and ransomware, from the Colonial Pipeline to the T-Mobile breach, has demonstrated that secure access is a must-have for businesses of all types and sizes. As a young, rapidly growing company, we are especially grateful for the industry recognition in The Forrester New Wave report and our customers’ high level of enthusiasm. We believe both are a testament to our determination to provide the highest levels of cybersecurity with a relentless commitment to our customers’ success.”

Perimeter 81 improves network visibility and delivers seamless onboarding and full integration with AWS, Azure, Google Cloud, Splunk, and other major cloud providers. Since its founding in 2018, Perimeter 81 has been selected for numerous other awards, including Deloitte’s Technology Fast 500, Gartner Cool Vendor recognition, the Red Herring Top 100, CRN Emerging Vendor, and more.


Our First In-Person Show Since Covid

We were super excited to be back this year for Black Hat USA’s hybrid event. We’d arranged to have a booth on the floor of the Mandalay Bay in Las Vegas as well as a virtual booth in which visitors could stop by and request a live product demonstration.

Our theme was built around our SASE for Superheros eBook (definitely worth a read!). We took a fun and light-hearted approach, in true Black Hat style. It was also well-suited for coming out of our Covid-induced hibernation.

We had a caricature artist at the booth to transform security pros into organizational superheroes as well as some great swag, including wireless earbuds, wireless speakers, and cool stickers (an homage to one of our founders’ first startup as a nine-year-old kid).

A Pre-Show Surprise

Preparations for the exhibition and travel plans seemed fairly normal. It felt good to have Covid behind us. But then, bit by bit, the Delta variant was all over the news. It started to cast a shadow over the whole event, but we were hopeful.

Then on August 1, just days before the show, the organizers announced that exhibitors and visitors would need to wear masks inside and that the requirement would be strictly enforced.

Would this reduce attendance?

Coexisting with a New Mask Mandate

Black Hat 2021 was nothing like the pre-Covid days with tens of thousands of visitors. But that doesn’t mean it wasn’t a success. The hybrid combination of having a virtual and in-person event was smaller, but attendees were much more ready to do business.

The Delta variant—and the show’s mask mandate—may have kept the tourists away, but IT pros and CISOs who came to see the best technology on the market and hear from industry leaders weren’t disappointed. And they were ready to do business. Leads were lower but more serious, and interest in demos was high. With ransomware on the rise, interest in SASE and Zero-Trust Network Access is high.

Having a parallel virtual event was good, but it didn’t offer the same dynamics as approaching a passerby on the show floor.

Perimeter 81 team at Black Hat 2021

The Show Must Go On

Despite the challenges, Black Hat 2021 was indeed successful. Virtual attendees said that they hope to attend in person next year, but it’s clear that Covid still has a major effect on events. This is especially true with the sudden outbreak of the Delta variant.

Like the hybrid workplace, hybrid events are here to stay for the foreseeable future, possibly forever. It’s challenging today to plan for exhibitions because changes can happen in an instant. 

The bottom line is that you need to stay resilient—like your network. 

We’ve compiled the largest list of cybersecurity influencers on Twitter to date. 200 amazing and inspiring people that are making the interconnected world a safer place. The list includes hackers, journalists, founders, service providers, and industry thought leaders from all across the globe.    

The order of influencers was randomized, provided each influencer met our criteria of having a Social Authority score of 35 or above using a tool called Followerwonk from Moz. 

We’ve also included links to all of the influencers’ Twitter profiles, so make sure you follow them to stay up-to-date on the latest news and insights in the world of cybersecurity.

To all the others who didn’t make the list (too many to name), don’t worry, we still think you’re awesome too!  

See who made the list below. 

In memory of Dan Kaminsky

“Friend of freedom and embodiment of the true hacker spirit.” – Electronic Frontier Foundation

February 7, 1979 – April 23, 2021

1. Katie Moussouris

About: Katie Moussouris is a cybersecurity research specialist and pioneer of the bug bounty program at Microsoft and the U.S. Department of Defense’s first bug bounty program for hackers. Katie brings over 20 years of experience and is one of the most sought-after industry thought leaders in cyber defense. She is currently the founder and CEO of Luta Security which utilizes its Vulnerability Coordination Maturity Model (VCMM) and bug bounties to help secure governments and organizations.

Social Authority Score: 76

2. Brian Krebs

About: When a malicious software program locked Brian Krebs out of his computer in 2001, he decided to learn as much as he could about computer and Internet security and would go on to become a renowned investigative journalist on the topic of cybersecurity. KrebsOnSecurity.com is the go-to source for all cybercrime today.

Social Authority Score: 77

3. Kevin Mitnick

About: Long before Kevin Mitnick became a trusted cybersecurity source and legend in the industry, he made the FBI’s most-wanted list as one of the most prolific cyber hackers in history. His creative hacking abilities would reshape the way law enforcement viewed cybercrimes. Mitnick is now a trusted security consultant to Fortune 500 companies and the Chief Hacking Officer of KnowBe4, a global leader on security awareness training.

Social Authority Score: 66

4. Marcus Hutchins

About: Marcus Hutchins AKA MalwareTech is a British-born computer security researcher and malware analyst known for temporarily stopping the WannaCry ransomware attack and for his role in the controversial Kronos malware scandal leading to his arrest in 2017. Hutchins gave his side of the story in a featured Wired article titled “The Confessions of Marcus Hutchins, the Hacker Who Saved the Internet”.

Social Authority Score: 81

5. Christopher Krebs

About: Christopher Krebs holds the privilege of having served as the first Director of the Cybersecurity and Infrastructure Security Agency (CISA) in the United States Department of Homeland Security from November 2018 to November 2020 before his departure. Krebs is a frequent keynote speaker at major cybersecurity events such as RSA Conference, Cybersummit, and at the SANS Cyber Threat Intelligence Summit.

Social Authority Score: 87

6. Mikko Hypponen

About: Mikko Hyppönen is one of the most recognizable names in the cyber industry. He is the Chief Research Officer at F-Secure, a global security solution leader. Mikko has appeared on countless cybersecurity panels, TED Talks, and was selected among the 50 most important people on the web by the PC World magazine.

Social Authority Score: 88

7. Troy Hunt

About: Troy Hunt is one of the most sought-after thought leaders and security professionals across the globe. He is the creator of Have I Been Pwned? (https://haveibeenpwned.com/) which is a site that checks if your email address or password has been compromised and how to remediate the threat. Hunt is also a Microsoft MVP and Regional Director and has authored many security courses on the highly popular education company, Pluralsight.

Social Authority Score: 86

8. Marcus Carey

About: Marcus J. Carey is the creator of Tribe of Hackers, a best-selling cybersecurity book series and cybersecurity advocate with over 25 years of experience protecting government data and keeping the Internet safe. Carey began his career in the U.S. Navy as a cryptographer and remains a regular name at major security conferences around the globe today.

Social Authority Score: 79

9. SwiftOnSecurity

About: If you’re looking for news on the latest exploits and other major cyber hacks, SwiftOnSecurity is your go-to source on Twitter. With over 330k followers, SwiftOnSecurity is one of the most followed cybersecurity professionals without an actual identity behind the scenes. What is known about SwiftOnSecurity is that SwiftOnSecurity is a Microsoft MVP and author of Decent Security which helps break down common security threats.

Social Authority Score: 86

10. Graham Cluley

About: Graham Cluley is one of the most recognizable faces in the cybersecurity world. The British-born security blogger got his start back in the 1990s as a computer programmer and in 2011 was inducted into the Infosecurity Europe Hall of Fame. He is the host of the widely popular @SmashinSecurity podcast and award-winning computer security blog, Naked Security.

Social Authority Score: 73

11. Eugene Kaspersky

About: Eugene Kaspersky is one of the most well-known figures in the cybersecurity field. In 1989, his computer was infected with the ‘Cascade’ virus. Kaspersky then developed a removal tool for the virus and eventually would go on to create the AVP Toolkit Pro antivirus program. Over 400 million users worldwide rely on Kaspersky Lab products to keep their computers safe today.

Social Authority Score: 66

12. Bruce Schneier

About: Simply referred to as a “security guru” by The Economist, Bruce Schneier is one of the most influential cybersecurity figures around. Schneier has authored multiple best-selling books including Data and Goliath and Click Here to Kill Everybody. Schneier on Security provides a ton of valuable resources and is a must-read for anyone looking to learn more about the topic of security.

Social Authority Score: 62

13. Eva Galperin

About: Eva had developed a love for computers at an early age and has been a major contributing figure on malware research and free speech. Galperin is currently the Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and technical advisor for the Freedom of the Press Foundation. Prior to EFF, Eva had been working in various security and admin roles throughout Silicon Valley.

Social Authority Score: 82

14. Lesley Carhart

About: Lesley Carhart is a Principal Industrial Incident Responder at Dragos, an industrial (OT/ICS/IIoT) cybersecurity company, and is a recognized expert in the field of cybersecurity incident response and digital forensics. In addition to her vast knowledge on the subject of digital forensics, Lesley also holds many prestigious accolades including DEF CON Hacker of the Year and has been named a “Top Woman in Cybersecurity” from CyberScoop.

Social Authority Score: 84

15. Shira Rubinoff

About: No stranger to top cybersecurity lists, Shira Rubinoff is a very well-recognized name in cybersecurity and a Blockchain expert and advisor. She is widely considered one of the top cybersecurity influencers out there with an extremely impressive resume. Shira is often a keynote speaker at major security conferences and events around the world. She has received countless honors for her contributions, including a Woman of Influence award by CSO Magazine and being named one of New Jersey’s Best 50 Women in Business.

Social Authority Score: 71

16. Ryan Goodman

About: With over 145k Twitter followers alone, Ryan Goodman is, by far, one of the most recognized cybersecurity influencers in the industry. Ryan is the South African-born Anne and Joel Ehrenkranz Professor of Law at New York University School of Law and is the founding co-editor-in-chief of its website Just Security.

Social Authority Score: 83

17. Daniel Miessler

About: Daniel Miessler has amassed quite an impressive resume. With over 2,500 essays, posts, tutorials, articles, and other types of content, Daniel Miessler certainly has a lot to talk about in the world of cybersecurity. Miessler also hosts a popular podcast that covers all aspects of security. The San Francisco-born security expert began his digital footprint back in 1999 and has since become a leading voice in the industry.

Social Authority Score: 71

18. Maria Markstedter

About: Maria Markstedter is CEO and founder of Azeria Labs which focuses on the exploitation of ARM-based devices with free ARM Assembly tutorials and workshops and other helpful materials on the subject matter. She holds a Bachelor’s in IT Security and is an authority on penetration testing and was listed as one of the Forbes 30 Under 30 in the technology Europe division in 2018.

Social Authority Score: 77

19. Matthew Green


About: Matthew Green is a highly renowned cryptographer and professor at Johns Hopkins University. Green specializes in the area of applied cryptography and has one of the best blogs around on the subject. He covers the latest Attacks of the Week and has written a library of Conference Papers throughout major publications on security issues.

Social Authority Score: 80

20. Dr. Magda Chelly

About: Dr. Magda Chelly, CISSP, Ph.D. is one of the most influential women in cybersecurity and the founder of the Women of Security Chapter (WoSEC). Her extensive research and writings have been featured by IEEE, RSA Conference, CYBERSEC, and the World Congress on Internet Security. She has also appeared on numerous globally televised interviews discussing the importance of security.

Social Authority Score: 68

21. Robert Herjavec

About: You’ve seen Robert Herjavec help aspiring entrepreneurs live their dreams on ABC’s Emmy-Award-winning hit show Shark Tank, but Robert is also one of the biggest influencers and names in the cybersecurity world. Robert is the Founder and CEO of Herjavec Group which is a global leader in cybersecurity operations. He has served as a Cybersecurity Advisor for the Government of Canada, participated in the White House Summit on Cybersecurity, and is a member of the US Chamber of Commerce Task Force for Cybersecurity. Robert is also a race car enthusiast and has competed in the Ferrari Challenge North America Series.

Social Authority Score: 68

22. Binni Shah

About: Binni Shah is a Linux Evangelist and security enthusiast. She regularly Tweets about helpful tutorials and guides on security. She also loves coffee and Jain food.

Social Authority Score: 72

23. Matthew Hickey

About: Matthew Hickey is CTO and Co-Founder of Hacker House, which offers Hands-On Hacking training and services for companies and individuals. Hickey is also the author of Hands on Hacking: Become an Expert at Next Gen Penetration Testing and Purple Teaming and is a big fan of the outdoors.

Social Authority Score: 80

24. Kevin Beaumont

About: Kevin Beaumont is a Senior Threat Intelligence Analyst at Microsoft and one of the most followed cybersecurity experts on Twitter. His highly informative blog DoublePulsar covers the latest cybersecurity news and ransomware threats.

Social Authority Score: 77

25. Asher Wolf

About: Asher Wolf is an Australian-based transparency and information activist and founder of the Cryptoparty. She talks about being a target of an FBI investigation targeting Wikileaks supporters worldwide. Asher has worked with Open Australia and leads campaigns aiming to reform debt creation and automated data-matching practices by the government.

Social Authority Score: 84

26. Dave Kennedy

About: Dave Kennedy is the Founder of TrustedSec and one of the biggest influencers in the cybersecurity field. David has had the privilege of speaking at some of the nation’s largest conferences, including Microsoft’s BlueHat, DEF CON, Black Hat, and DerbyCon, which he co-created in 2011. He also served as Technical Consultant for the critically acclaimed Mr. Robot TV show.

Social Authority Score: 73

27. Kevin L. Jackson

About: Kevin L. Jackson is a globally recognized cloud computing expert, thought leader, and founder of the GovCloud Network. Jackson graduated from the United States Naval Academy in 1979 with a BS in Aerospace Engineering, later receiving an MSEE in Computer Engineering from the Navy Postgraduate School. Jackson has been recognized as a “Top 100 Cybersecurity Influencer and Brand” by Onalytica and a “Top 50 Cloud Computing Blogger for IT Integrators” by CRN.

Social Authority Score: 64

28. thaddeus e. grugq

About: Known only as thaddeus e. grugq, this famously anonymous cybersecurity influencer has managed to amass over 116k Twitter followers while keeping an active blog. His work has been quoted and referenced in The New York Times, Washington Post, Vice, and Wired. His use of memes is legendary as well.

Social Authority Score: 80

29. Jeff Moss

About: Jeff Moss AKA Dark Tangent is a renowned hacker and Internet security expert. Moss began his cyber journey at the age of 10 when he received his first computer and would go on to become the founder of Black Hat and DEF CON. He was appointed ICANN Chief Security Officer in 2011 and has served on countless panels and speaking engagements worldwide.

Social Authority Score: 72

30. Alex Stamos

About: Alex Stamos is an adjunct professor at Stanford University’s Center for International Security and Cooperation, and was the former CSO at Facebook. Stamos co-founded iSEC Partners in 2004 and was well known for his research publications on vulnerabilities in forensics software. Stamos attended the University of California, Berkeley, where he graduated in 2001 with a degree in EECS.

Social Authority Score: 72

31. Richard Stiennon

About: Richard Stiennon is one of the most followed thought leaders in cybersecurity. Stiennon’s extensive career in cybersecurity spans several decades. He began in 1995 as one of the first MSSPs at Netrex, eventually becoming VP Research at Gartner and authoring several books in the process. Stiennon published several books including UP and to the Right: Strategy and Tactics of Analyst Influence and Curmudgeon: How to Succeed as an Industry Analyst.

Social Authority Score: 48

32. Eric Geller

About: Eric Geller is a cybersecurity reporter at Politico where he covers federal cyber policy, election security, global malware outbreaks, and other cyber incidents. He also writes about cyber policy developments at the White House and the Department of Homeland Security.

Social Authority Score: 74

33. hasherezade (Aleksandra Doniec)

About: Aleksandra Doniec, who goes by the username “hasherezade” is a Polish-based malware analyst and software engineer. She has a very large following on Twitter and has even created some open-source tools.

Social Authority Score: 80

34. Dr. Anton Chuvakin

About: Dr. Anton Chuvakin is a Russian-born computer security specialist and physicist. He is a recognized security expert in the field of log management, SIEM and PCI DSS compliance currently involved with security solution strategy at Google Cloud. Dr. Anton Chuvakin has also authored several books on “PCI Compliance” and “Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management”.

Social Authority Score: 66

35. Yan Zhu

About: Yan Zhu is the current CISO at Brave Software and a major contributor to open-source projects. She was recognized as one of Forbes 30 Under 30 in 2015 and was previously a staff technologist at the Electronic Frontier Foundation (EFF).

Social Authority Score: 71

36. Jeremiah Grossman

About: Jeremiah Grossman is the founder of WhiteHat Security, published author, and one of the most influential cyber bloggers around. Grossman has been featured in the Wall Street Journal, Forbes, NY Times, and hundreds of other media outlets across the globe. When he isn’t writing or delivering a keynote presentation, he can be found practicing Brazilian Jiu-Jitsu (he has a black belt) and is an avid off-road race driver.

Social Authority Score: 67

37. Moxie Marlinspike

About: Moxie Marlinspike is a computer security researcher, entrepreneur, and Founder of Signal, a cross-platform centralized encrypted messaging service. Prior to Signal, Marlinspike was the former head of the security team at Twitter. Marlinspike also holds a Master’s mariner license and enjoys sailing in his free time.

Social Authority Score: 82

38. Joseph Steinberg

About: Joseph Steinberg is a recognized thought leader and influencer in the fields of cybersecurity, privacy, and artificial intelligence. He is also one of the best and most-read columnists in the cybersecurity field. Within three months of going independent in April of 2018, his column reached 1m monthly views; by April of 2020, the column, known as Joseph Steinberg – Totally Candid, reached 2.5m monthly.

Social Authority Score: 69

39. Antonio Grasso

About: With nearly 197k Twitter followers and a combined social reach of over 750k, Antonio Grasso is, without a doubt, one of the biggest influencers in the industry. The Naples-born computer scientist and researcher is the Founder of Digital Business Innovation and has explored themes such as Artificial Intelligence, Cybersecurity, Digital Transformation, the Internet of Things, and Blockchain. He is also a Fellow of the Royal Society of Arts.

Social Authority Score: 82

40. Ed Skoudis

About: Ed Skoudis is a well-respected cyber influencer and pen testing legend. He is a regular contributor to Dark Reading and other major cyber publications. Skoudis has taught cyber incident response and advanced penetration testing techniques to more than 12,000 cybersecurity professionals and is a SANS Faculty Fellow and the lead for the SANS Penetration Testing Curriculum. Skoudis also leads the team that created the SANS Holiday Hack Challenge with KringleCon, which hosts over 19,000 people annually.

Social Authority Score: 64

41. Jayson E. Street

About: Jayson E. Street is a DEF CON legend, hacker, author, and VP of InfoSec at SphereNY. Street consulted with the Secret Service in 2007 on the Wi-Fi security of the White House and is a regular at major conferences. When he isn’t behind his computer or giving lectures on hacking, he can be found traveling the globe in search of new adventures.

Social Authority Score: 68

42. Paul Asadoorian

About: Paul Asadoorian is the Founder and CTO of Security Weekly, a leading podcast on all issues related to cybersecurity featuring a wide variety of thought-leading guests and other industry experts. The Security Weekly YouTube channel has over 30k subscribers as well.

Social Authority Score: 54

43. Kim Zetter

About: Kim Zetter is an award-winning investigative journalist and author at Wired. She has covered the security scene since 1999. She has written for the Jerusalem Post, Los Angeles Times, San Francisco Chronicle, and Sydney Morning Herald. She has also written a book on the Kabbalah that has been published in multiple languages.

Social Authority Score: 80

44. Dr. ir Johannes Drooghaag

About: Dr. ir Johannes Drooghaag is the CEO of Spearhead Management and an internationally sought-after speaker and consultant. He is a top global influencer and thought leader and pioneer of Internet Safety for Kids which helps enable children and parents to use the internet responsibly and to learn more about cybersecurity.

Social Authority Score: 80

45. Adam Levin

About: Adam Levin is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance. Levin is the Founder of CyberScout (a Sontiq brand). He has appeared on ABC News, The Today Show, Good Morning America, CBS Evening News, CNBC Closing Bell, MSNBC, Fox Business, and has been featured in almost all major security publications. His illustrious career spans over four decades as well.

Social Authority Score: 67

46. Nicole Perlroth

About: Nicole Perlroth is an award-winning cybersecurity journalist for The New York Times and cybersecurity influencer. She has covered major cyberattacks including the Iranian attack on oil companies, hundreds of Chinese cyberattacks, and North Korea’s cyberattacks against movie studios. She has also authored the book “This Is How They Tell Me The World Ends”.

Social Authority Score: 83

47. Kate Brew

About: Kate Brew is one of the most influential bloggers on cybersecurity and Editor of the AT&T Cybersecurity blog. Kate has over 15 years of experience in product marketing and information security.

Social Authority Score: 57

48. Zeus Kerravala

About: Zeus Kerravala is the founder and Principal Analyst with ZK Research. Kerravala spent a decade as an analyst at Yankee Group prior to ZK Research and has authored many featured articles in major publications such as Dark Reading and Network World. We recently did a webinar with Zeus Kerravala on Demystifying the Realities of SASE which we highly recommend checking out.

Social Authority Score: 62

49. Katie Nickels

About: Katie Nickels is the Principal Intelligence Analyst for Red Canary, SANS Certified Instructor, and a big influencer in the cybersecurity world. In her free time, she volunteers with the Cyberjutsu Girls Academy (CGA), a program for teenage girls that seeks to inspire exploration and learning in cybersecurity and STEM.

Social Authority Score: 71

50. Tarah Wheeler

About: Tarah Wheeler is a Cyber Project Fellow at the Belfer Center for Science and International Affairs at Harvard University’s Kennedy School of Government. She has spoken on information security at the European Union, at the Malaysian Securities Commission, for Foreign Policy, the OECD, and FTC. Tarah is also an accomplished poker player and has amassed $3,640 in lifetime cash in the World Series of Poker.

Social Authority Score: 68

51. Wendy Nather

About: Wendy Nather is the Head of Advisory CISOs at Cisco. She was listed as one of SC Magazine’s Reboot Leadership “Influencers” in 2018 and Women in IT Security “Power Players” in 2014. She is also co-author of The Cloud Security Rules and had served as Research Director of the Information Security Practice at independent analyst firm 451 Research.

Social Authority Score: 69

52. Jo Peterson

About: Jo Peterson is the VP of Cloud and Security for Clarify360 and founder of Cloud Girls, a vendor-neutral, not-for-profit community of female technology advocates. She has been named a CRN Woman of the Channel from 2016-2019, Oracle Top 15 People to Follow in Cybersecurity, Onalytica Top 50 Female Cybersecurity Influencers, and now Perimeter 81’s 200 Cybersecurity Influencers Making a Difference in 2021.

Social Authority Score: 75

53. Eric Vanderburg

About: Eric Vanderburg is the current VP Cybersecurity of TCDI and a well-respected thought leader. Vanderburg got his start in cybersecurity back in the early ’90s and was chair of the Computer Networking Technology program at Remington College’s Cleveland-West campus.

Social Authority Score: 62

54. Jackie Singh

About: Jackie Singh is the founder of Spyglass Security and regarded as one of the premier experts on the subject matter. She had joined the Biden campaign in July of 2020 as a senior cyber incident responder and threat analyst.

Social Authority Score: 73

55. Charlie Miller

About: Charlie Miller is one of the most well-respected names in the industry. He had previously worked at the National Security Agency and for Uber. Among his notable accomplishments, Miller had won a $10,000 cash prize at the hacker conference Pwn2Own in Vancouver, British Columbia in 2008 for being the first to find a critical bug in the MacBook Air.

Social Authority Score: 71

56. Maddie Stone

About: Maddie Stone is a Security Researcher at Google’s Project Zero. She has been featured in major publications such as Wired and has spoken at international security conferences such as OffensiveCon, REcon Montreal, DerbyCon, and the Women in Cybersecurity Conference. She also hiked Kilimanjaro in 2019.

Social Authority Score: 73

57. Alyssa Miller

About: Alyssa Miller is a renowned hacker, security researcher, and international public speaker with over 15 years of experience in the cybersecurity field. At 12 she bought her first computer and landed a full-time job as a programmer at only 17 years old. Since then, she has been an instrumental figure in the cyber industry and Chapter Lead for the Women of Security (WoSEC) Meetup group.

Social Authority Score: 77

58. Katie Paxton-Fear

About: Katie Paxton-Fear is a bug bounty hunter, data scientist, and Ph.D. Student Early Career Researcher at Cranfield University. She creates educational cybersecurity videos on YouTube and has an audience of 10k subscribers. She has also been a panelist at many major events including HackerOne, Bugcrowd, and DefendCon.

Social Authority Score: 67

59. Jack Rhysider

About: Jack Rhysider is the host and creator of the popular Darknet Diaries podcast, one of the best and most acclaimed podcasts on security around. Jack is also a super talented artist and designs all of the artwork for the podcasts and website.

Social Authority Score: 70

60. Gene Kim

About: Gene Kim is a multiple award-winning CTO, researcher, and author, and has been studying high-performing technology organizations since 1999. Gene was featured by ComputerWorld as one of the “40 Innovative IT People to Watch Under the Age of 40” list in 2007 and has published six books including The Unicorn Project – a WSJ Bestseller.

Social Authority Score: 68

61. Runa A. Sandvik

About: Runa Sandvik is a privacy and security researcher and early developer of The Tor Project. She interviewed Edward Snowden in 2014 and demonstrated how smart rifles with remote access can be hacked remotely. Runa is a board member of the Norwegian Online News Association and an advisor to The Signals Network and the Freedom of the Press Foundation.

Social Authority Score: 68

62. Rinki Sethi

About: Rinki Sethi is the current VP and CISO of Twitter and one of the leading voices in the field of security. She was also the recipient of the “One to Watch” Award with CSO Magazine and Executive Women’s Forum in 2014. Prior to joining Twitter, she had worked with Walmart, Intuit, and eBay.

Social Authority Score: 65

63. Ken Dilanian

About: Ken Dilanian is an NBC News correspondent covering national security and intelligence. Ken Dilanian was a reporter in the Los Angeles Times’ Washington, D.C., bureau from April 2010 until May 2014. Before that, he had spent three years at USA Today, where he covered foreign policy and Congress.

Social Authority Score: 78

64. Marc Goodman

About: Marc Goodman is a New York Times Best-Selling author, global strategist, and security consultant. Future Crimes: Inside the Digital Underground and the Battle for Our Connected World is an absolute must-read for everyone. He has even done a TED talk around the topic and has worked with organizations such as INTERPOL, the UN Counterterrorism Task Force, NATO, and the U.S. Government.

Social Authority Score: 47

65. Window Snyder

About: Window Snyder is an American computer security expert and Founder and CEO of Thistle Technologies. She was also a Senior Security Strategist at Microsoft and is co-author of Threat Modeling, a standard manual on application security. She also created the Blue Hat Microsoft Hacker Conference. Window was previously a top security officer at Square, Apple, Fastly, Intel, and Mozilla Corporation.

Social Authority Score: 47

66. Robert M. Lee

About: Robert M. Lee is the CEO and Founder of the industrial (ICS/OT) cybersecurity company Dragos. Considered a pioneer in the ICS threat intelligence and incident response community, Robert was awarded EnergySec’s 2015 Cyber Security Professional of the Year and inducted into Forbes’ 30 under 30 for Enterprise Technology. Robert got his start in the U.S. Air Force where he served as a Cyber Warfare Operations Officer tasked to the NSA.

Social Authority Score: 70

67. Samy Kamkar

About: Samy Kamkar is a renowned hacker that was responsible for the MySpace worm Samy in 2005, which was the fastest spreading virus of all time. Samy has worked with The Wall Street Journal on illicit mobile phone tracking. He also created the Evercookie, which appeared in a top-secret NSA document revealed by Edward Snowden. He is a regular guest speaker and GitHub contributor.

Social Authority Score: 80

68. Eleanor Dallaway

About: Eleanor Dallaway is the Editorial Director of Infosecurity Magazine. She enjoys interviewing industry professionals and has over 15 years of experience in the field. She founded the Women in Cybersecurity Networking Group and has worked on programs that encourage teenage girls in high school to get into the InfoSec and technology world.

Social Authority Score: 55

69. Ray [REDACTED]

About: Ray [REDACTED] is a network and Information Security researcher with 20 years of expertise in cyber defense research, application solution design, and next-generation network architectures. He is currently working for Darknet Diaries.

Social Authority Score: 70

70. Rob Fuller

About: Rob Fuller brings over 14 years of experience covering all facets of InfoSec. He is the current CTO and Red Team Captain of the Mid-Atlantic Collegiate Cyber Defense Competition (CCDC) and has also served as a technical advisor for HBO’s show Silicon Valley. Rob has taught at BlackHat USA since 2013 and remains a key speaker at conferences worldwide.

Social Authority Score: 66

71. Dan Goodin

About: Dan Goodin is Security Editor at Ars Technica and has been chronicling the exploits of white-hat, grey-hat and black-hat hackers since 2005. In his spare time, he enjoys gardening, cooking, and following the independent music scene.

Social Authority Score: 61

72. Ashley Willis (McNamara)

About: Ashley Willis (McNamara) is a contributor in the Linux and Go communities. Ashley is part of Microsoft’s Azure team, where she acted as a bridge between third-party developers and Microsoft, driving platform adoption through the developer community and driving change into products based on real-world customer/developer feedback. Ashley is also on the board of multiple engineering groups, including Redis Austin, Big Data Analytics Club, and Austin All-Girl Hack Night.

Social Authority Score: 67

73. Richard Bejtlich

About: Richard Bejtlich was a nonresident senior fellow in the Center for 21st Century Security and Intelligence, part of the Foreign Policy program at Brookings. He is the founder of TaoSecurity. He has also authored or co-authored nine books.

Social Authority Score: 63

74. Rebecca Herold

About: Rebecca Herold is the CEO of Privacy Policy and an information security, privacy, and compliance consultant with over 25 years of experience. She has authored 19 books and published hundreds of articles in the field, and was a founding member and officer for the IEEE P1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group.

Social Authority Score: 45

75. Tanya Janca

About: Tanya Janca, AKA SheHacksPurple, is the Founder of We Hack Purple, an online learning academy dedicated to teaching everyone how to create secure software, and the best-selling author of “Alice and Bob Learn Application Security”. Tanya has been coding and working in the IT industry for over two decades.

Social Authority Score: 74

76. Casey John Ellis

About: Casey John Ellis is the Chairman, Founder, and CTO of Bugcrowd and disclose.io, which provides free open-source tools for safe harbor best practices. He has presented at DEF CON, Black Hat USA, RSA Conference, Techcrunch DISRUPT, Shmoocon, ENISA Incibe, Usenix ENIGMA, Derbycon, SOURCEConf, AISA, and AusCERT. The Aussie-born entrepreneur has over two decades of experience in information security as well.

Social Authority Score: 73

77. InfoSecSherpa (Tracy Z. Maleeff)

About: Tracy Z. Maleeff AKA InfoSecSherpa is an Information Security Analyst for The New York Times. The one-time librarian turned InfoSec expert has been featured in the Tribe of Hackers: Cybersecurity Advice and Tribe of Hackers book series and has won numerous awards including the Women in Security Leadership Award from the Information Systems Security Association.

Social Authority Score: 75

78. Brian Honan

About: Brian Honan is an independent security consultant and major influencer based in Dublin, Ireland. He is also the European editor for the SANS Institute’s weekly SANS NewsBites newsletter, founder and head of IRISSCERT which is Ireland’s first CERT, and former Special Advisor on Cybersecurity to Europol.

Social Authority Score: 72

79. Accidental CISO

About: The Accidental CISO is a well-known cybersecurity influencer. He is extremely active on Twitter and definitely worth following.

Social Authority Score: 71

80. Brute Logic (Rodolfo Assis)

About: Rodolfo Assis, better known as Brute Logic, is a Brazilian-born self-taught computer hacker and security researcher. His main research interest is Cross-Site Scripting (XSS), and he has helped fix over 1,000 XSS vulnerabilities in web applications worldwide.

Social Authority Score: 67

81. Josh Corman

About: Josh Corman is the Founder of I Am The Cavalry and Chief Strategist for CISA regarding COVID, healthcare, and public safety. His security blog Cognitive Dissidents is definitely worth checking out as well.

Social Authority Score: 42

82. MalwareJake (Jake Williams)

About: Malware Jake aka Jake Williams is a cybersecurity specialist and SANS Senior Instructor. His Infosec consultancy was involved in high-profile cases including the malware analysis for the 2015 cyber attack on the Ukraine power grid. Williams was awarded the National Security Agency (NSA) Exceptional Civilian Service Award, which is given to fewer than 20 people annually.

Social Authority Score: 75

83. Jane Frankland

About: Jane Frankland is a London-based cybersecurity speaker, author, and influencer with over 21 years of experience. She built a seven-figure business from the ground up without seed capital. Among her other accolades, she has been named as the third most influential person in cybersecurity in the UK and a top twenty global influencer, and now she joins our exclusive list of 200 Cybersecurity Influencers Making A Difference in 2021.

Social Authority Score: 49

84. Dustin Volz

About: Dustin Volz covers cybersecurity and intelligence for The Wall Street Journal based out of Washington DC.

Social Authority Score: 74

85. Javvad Malik

About: Javvad Malik is a Security Awareness Advocate at KnowBe4 and one of the industry’s most prolific video bloggers. Javvad was one of the co-founders of the Security B-Sides London conference and has authored several books.

Social Authority Score: 53

86. Leigh Honeywell

About: Leigh Honeywell is the founder and CEO of Tall Poppy, where she helps companies protect their employees from online harassment. She was previously a Technology Fellow at the ACLU’s Project on Speech, Privacy, and Technology, and co-founded two hackerspaces, HackLabTO in Toronto, and a feminist space called the Seattle Attic Community Workshop in Pioneer Square, Seattle.

Social Authority Score: 76

87. Raj Samani

About: Raj Samani is the current Chief Scientist at McAfee and is a special advisor to the European Cybercrime Centre (EC3) in The Hague. He has been recognized for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, Peter Szor award, and Intel Achievement Award.

Social Authority Score: 67

88. Helen Yu

About: Helen Yu is the founder and CEO of Tigon Advisory, a CXO-as-a-Service growth accelerator. She has been named a Top 10 Global Influencer in Digital Transformation by IBM; Top 35 Women in Finance by Onalytica; and Top 100 B2B Thought Leader, Top 10 Cybersecurity and AI Thought Leader by Thinkers360.

Social Authority Score: 74

89. Chris Vickery

About: Chris Vickery is a cybersecurity expert and current Director of Cyber Risk Research at UpGuard. Chris has assisted investigations conducted by the Federal Trade Commission (FTC), the Federal Bureau of Investigation (FBI), the U.S. Secret Service, and the US Department of Health and Human Services (HHS).

Social Authority Score: 81

90. Sherrod DeGrippo

About: Sherrod DeGrippo is the Sr. Director of Threat Research and Detection for Proofpoint with over 16 years of infosec experience. She has been quoted in publications such as The Wall Street Journal, Associated Press, and Ars Technica.

Social Authority Score: 71

91. Dave Lewis

About: Dave Lewis is the Global Advisory CISO at Cisco with over two decades of industry experience. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast. He has also given keynotes at major conferences across the globe.

Social Authority Score: 58

92. Keren Elazari

About: Keren Elazari is an internationally recognized security analyst, researcher, author, and speaker. Keren Elazari is the first Israeli woman to give a TED talk at the official TED Conference. Keren’s TED talk about hackers has been viewed by millions, translated to 30 languages, and is one of the most-watched talks on TED.com on the topic of cybersecurity.

Social Authority Score: 60

93. Whitney Champion

About: Whitney Champion is a security architect, engineer, developer, and co-founder of Recon InfoSec. She is also a super talented artist that likes to doodle around with cool things and an avid Crossfitter.

Social Authority Score: 63

94. Matt Devost

About: Matt Devost is the CEO & Co-Founder of OODA and a well-recognized thought leader in the security field. He has appeared on CNN, MSNBC, FoxNews, CBS News, and BBC television as an expert on terrorism and cybersecurity. Matt is also on the Advisory Board for the D.C.-based non-profit, MissionLink and is a Mentor at the Virginia cybersecurity accelerator Mach37.

Social Authority Score: 66

95. Chris Eng

About: Chris Eng is the Chief Research Officer at Veracode. He is a review board member for the Black Hat USA and Kaspersky SAS conferences and has appeared on major media outlets such as Bloomberg, Fox Business, and CBS.

Social Authority Score: 53

96. InfoSteph

About: Steph is a security analyst for a retail company with a background in journalism and web hosting. She spends her time mentoring high school students and hosting virtual labs via Women In Tech-a-thons.

Social Authority Score: 68

97. Roberto Rodriguez

About: Roberto Rodriguez is a Threat Researcher at Microsoft and founder of the Open Threat Research community. He routinely posts on the blog with helpful tips and guides.

Social Authority Score: 62

98. Lisa Forte

About: Lisa Forte is a British-born cybersecurity speaker and Partner at Red Goat. She is a mountaineer and was named one of the Top 100 Women in Tech. She is an expert in social engineering, insider threats, and helping large companies rehearse for a cyber attack.

Social Authority Score: 73

99. Kate Fazzini

About: Kate Fazzini is the CEO of Flore Albo and a professor of cybersecurity at the University of Maryland. She teaches in the Cyber Intelligence program at Georgetown University and is the principal cybersecurity expert at CNBC, having previously been cybersecurity correspondent for the Wall Street Journal.

Social Authority Score: 61

100. Sivan Tehila

About: Sivan Tehila is the Director of Solution Architecture at Perimeter 81 and a Cybersecurity expert with over 15 years of experience. She is the Founder of Cyber Ladies NYC and Adjunct Professor of Cybersecurity at Yeshiva University. On retiring from the IDF intelligence corps, Sivan served as a cybersecurity consultant for the Israel Railways and CISO of Research and Analysis Division, and Head of the Information Security Department of the Intelligence Corps.

Social Authority Score: 46

101. Rachel Tobac

About: Rachel Tobac is a social engineer and the Co-founder of SocialProof Security. Rachel is also Chair of the Board for the nonprofit Women in Security and Privacy (WISP) and one of the most influential women in cybersecurity.

Social Authority Score: 77

102. John Kindervag

About: John Kindervag is the Creator of Zero Trust and former Field CTO at Palo Alto Networks. He is considered one of the world’s foremost cybersecurity experts and has spoken at many security conferences and events, including RSA, SXSW, ToorCon, ShmooCon, InfoSec Europe, and InfoSec World.

Learn more about the Zero Trust architecture and why the mantra of “never trust, always verify” is crucial to minimizing data breaches and reducing the attack surface.

Social Authority Score: 37

103. Steve Morgan

About: Steve Morgan is the Founder of Cybersecurity Ventures, Editor-in-Chief at Cybercrime Magazine, and Executive Producer at Cybercrime Radio. He is co-author of the book, “Women Know Cyber: 100 Fascinating Females Fighting Cybercrime” and has written more than 500 articles for Forbes, CSO, and others.

Social Authority Score: 63

104. Costin Raiu

About: Costin Raiu is the Director of the Global Research & Analysis Team at Kaspersky with over 24 years of experience in anti-virus technologies and security research. He is a member of the Virus Bulletin Technical Advisory Board, a member of the Computer AntiVirus Researchers’ Organization (CARO), and a reporter for the Wildlist Organization International. Some of his hobbies include chess, photography, and Science Fiction literature.

Social Authority Score: 73

105. Marietje Schaake

About: Marietje Schaake is the International Director of Policy at Stanford’s Cyber Policy Center, International Policy Fellow at the Institute for Human-Centered AI, and President of the CyberPeace Institute. She is a Dutch politician who served as a Member of the European Parliament from the Netherlands between 2009 and 2019. The Wall Street Journal called her “Europe’s most wired politician.” She publishes op-eds in the Financial Times, The Guardian, and Bloomberg.

Social Authority Score: 76

106. Nicolas Krassas

About: Nicolas Krassas is a Swiss-born security researcher and influencer. He is a contributor to Reddit’s popular r/ReverseEngineering Subreddit and regularly Tweets about helpful hacking tips.

Social Authority Score: 72

107. Zack Whittaker

About: Zack Whittaker is the Security Editor at TechCrunch and covers all security-related topics ranging from Malware to major data breaches.

Social Authority Score: 77

108. Christophe Veltsos

About: Christophe Veltsos is a professor in the Department of Computer Information Science at Minnesota State University where he regularly teaches Information Security and Information Warfare classes.

Social Authority Score: 48

109. Whitney Merrill

About: Whitney Merrill is Privacy Counsel at Asana and Founder of Crypto & Privacy Village. She received the 2017 Women in Security Award and was named one of the 2017 Top Women in Cybersecurity by CyberScoop. Previously she was Privacy, eCommerce & Consumer Protection Counsel at Electronic Arts (EA) and an attorney at the Federal Trade Commission.

Social Authority Score: 76

110. Alan Woodward

About: Professor Alan Woodward is a British-born internationally renowned computer security expert and computer scientist at the University of Surrey. He has been involved in some of the most significant advances in computer technology and was elected as a Fellow of the British Computer Society, Institute of Physics, and the Royal Statistical Society.

Social Authority Score: 58

111. (Snow) Stephanie Carruthers

About: Stephanie Carruthers, simply known as Snow on Twitter, is a Chief People Hacker at IBM Security and Global Social Engineering Expert, X-Force Red. She leads the social engineering practice, focusing on open-source intelligence gathering, phishing, vishing, and physical security assessments.

Social Authority Score: 66

112. Jez Humble

About: Jez Humble is an SRE at Google Cloud and is co-author of The DevOps Handbook, Lean Enterprise, and the Jolt Award-winning Continuous Delivery. He also teaches at UC Berkeley.

Social Authority Score: 70

113. Matt Suiche

About: Matt Suiche is a French-born hacker and entrepreneur widely known as the founder of MoonSols, and co-founder of CloudVolumes before it was acquired. He is a memory forensics expert and is also known to have discovered multiple security flaws in multiple Microsoft Windows kernel components. He previously worked as a researcher for the Netherlands Forensic Institute in The Hague.

Social Authority Score: 60

114. Natalie Silvanovich

About: Natalie Silvanovich is a security researcher on Google Project Zero and Tamagotchi Hacker. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry.

Social Authority Score: 62

115. gabsmashh | Advanced Persistent Brunette

About: gabsmashh | Advanced Persistent Brunette is a security engineer, genetic scientist, and #MalwareTechPodcast host. She also has almost 60k followers on Twitter.

Social Authority Score: 76

116. Mike Vizard

About: Mike Vizard is a seasoned IT journalist with over 25 years of experience. He has contributed to IT Business Edge, Channel Insider, Baseline, VentureBeat, Security Boulevard, and DevOps.com. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Social Authority Score: 49

117. Marc Rogers

About: Known as “Cyberjunky”, “Cjunky” or just “CJ” in the hacker community, Marc Rogers is one of the founders of The CTI League, which was featured in this year’s edition of the “WIRED25: People Who Are Making Things Better.” He is currently the VP of Cybersecurity at Okta and part of the Ransomware Task Force (RTF).

Social Authority Score: 64

118. Jason Haddix

About: Jason Haddix is the Head of Trust and Security at Bugcrowd and regular contributor at GitHub. Jason’s interests and areas of expertise include mobile penetration testing, black box web application auditing, network/infrastructure security assessments, and static analysis. He was also the Director of Penetration Testing for HP Fortify and held the #1 rank on the Bugcrowd researcher leaderboard for 2014/2015.

Social Authority Score: 67

119. Rafay Baloch

About: Rafay Baloch is an information security expert and evangelist. He is listed among the Top 25 Threat Seekers of 2014 and The 15 Most Successful Ethical Hackers Worldwide by SC Magazine for the issues he uncovered with Android. Checkmarx has listed Rafay Baloch as one of the Top 5 Ethical Hackers of the World. His work has been featured in Forbes, BBC, and WSJ.

Social Authority Score: 59

120. Heath Adams

About: Heath Adams, known as “The Cyber Mentor” on social media, is a Senior Penetration Tester and the Founder and CEO of TCM Security. He is a highly in-demand course instructor at Udemy with a best-selling course on Open-Source Intelligence (OSINT) Fundamentals.

Social Authority Score: 74

121. Kim Nash

About: Kim Nash is deputy editor of WSJ Pro Cybersecurity, covering strategic and tactical technology security topics for a business audience. Previously, she wrote about enterprise technology for WSJ’s CIO Journal.

Social Authority Score: 47

122. Larry Dignan

About: Larry Dignan is the Global Editor in Chief at ZDNet and Editorial Director of TechRepublic. His column Between the Lines on ZDNet covers a wide range of technology topics including several super interesting pieces on Google I/O. He has been publishing articles around tech and cybersecurity since 1995.

Social Authority Score: 49

123. Micah Lee

About: Micah Lee is the Director of Infosec at The Intercept. He is a computer security engineer and an open-source software developer who writes about technical topics like digital and operational security, encryption tools, whistleblowing, and hacking. He is also founder and board member of the Freedom of the Press Foundation and a member of the Distributed Denial of Secrets advisory board.

Social Authority Score: 71

124. Rik Fërgüson

About: Rik Ferguson is VP Security Research at Trend Micro, and one of the leading experts in information security with over 25 years of experience. He has appeared on major media publications such as the BBC, CNN, CNBC, Channel 4, Sky News, and Al-Jazeera English. In April 2011 Rik was inducted into the Infosecurity Hall of Fame.

Social Authority Score: 60

125. James Arlen

About: James Arlen is the Chief Information Security Officer at Aiven. He was previously the Director of Production Engineering at Salesforce Heroku. Arlen’s expertise, which includes security certifications in CISSP, CISA, and CRISC, has led him to be a known voice in the industry as a blogger, podcaster, speaker, and contributor to media and standards.

Social Authority Score: 45

126. Chris Parker

About: Chris Parker is the Founder of WhatIsMyIPAddress.com and host of Easy Prey Podcast, helping listeners learn how to avoid being an easy target for scammers and fraudsters online and in the real world.

Social Authority Score: 49

127. Dr. Nicole Forsgren

About: Dr. Nicole Forsgren is the VP of Research & Strategy at GitHub. She is also co-author of the best-selling book Accelerate: Building and Scaling High Performing Technology Organizations and a globally recognized speaker. Her work has been featured in the Wall Street Journal, Forbes, ComputerWorld, and InfoWeek.

Social Authority Score: 69

128. fully vaccinated overcaffinated bat

About: @mzbat or fully vaccinated overcaffinated bat is an InfraSec at Truss Works. She has over 47.5k followers and is a regular on Twitter.

Social Authority Score: 66

129. Bridget Kromhout

About: Bridget Kromhout is a Principal Cloud Developer Advocate at Microsoft and is a regular podcaster at Arrested DevOps. She leads the devopsdays organization globally and the DevOps community at home in Minneapolis, Minnesota.

Social Authority Score: 65

130. Jobert Abma

About: Jobert Abma is the Co-founder of HackerOne, the largest in the bug bounty space with over 500,000 registered hackers. He is also a regular contributor on Quora and GitHub, and one of the most influential people in the cyber field.

Social Authority Score: 56

131. Secure The Bag (Keirsten Brager)

About: Keirsten Brager, better known in the Twitterverse as Secure The Bag, went from being a free lunch kid to Sr. Security Consultant specializing in critical infrastructure. She was recently named one of Dark Reading’s top women in security who are changing the game.

Social Authority Score: 65

132. Theresa Payton

About: Theresa Payton is one of the nation’s leading experts in cybersecurity and IT strategy and CEO of Fortalice Solutions. Theresa was named one of the top 25 Most Influential People in Security by Security Magazine and One of Infosec’s Rising Stars and Hidden Gems by Tripwire. In 2005 she was honored as Charlotte, NC’s Woman of the Year. In 2014 she co-authored, with Ted Claypoole, the book Privacy in the Age of Big Data: Recognizing Threats, Defending Your Rights, and Protecting Your Family, which was subsequently featured on the Daily Show with Jon Stewart.

Social Authority Score: 55

133. Bob Carver

About: Bob Carver is a CISM and CISSP who helps uncover previously unseen cybersecurity risks and creatively architect solutions. He has monitored hundreds of botnets and tens of thousands of infected endpoints including PCs, Smartphones, and Apple OS X, and is a regular contributor to the Verizon-wide risk team.

Social Authority Score: 77

134. Florian Roth

About: Florian Roth is a German-born cyber entrepreneur and creator of the THOR scanner, part of Nextron Systems’ suite of core products. He is also a contributor to GitHub, where he has many projects in his impressive resume.

Social Authority Score: 81

135. Kenneth Holley

About: Kenneth Holley is a cybersecurity expert and the founder and CEO of Silent Quadrant – a Washington, D.C.-based information technology services and consulting practice serving the nation’s top lobby firms.

Social Authority Score: 60

136. Mudge (Peiter Zatko)

About: Peiter Zatko, better known as Mudge, is a network security expert and was the most prominent member of the high-profile hacker think tank, the L0pht. He was the original author of the password cracking software L0phtCrack. Mudge was previously head of security at Twitter and program manager at DARPA where he oversaw cybersecurity research.

Social Authority Score: 66

137. Scott Helme

About: Scott Helme is an Information Security Consultant and blogger based in the UK. He has been featured in many national and international news outlets including the BBC, The Guardian, The Telegraph, CIO, and Wired. He is the creator of Report URI and Security Headers and an expert on hacking and encryption.

Social Authority Score: 68

138. Emily Freeman

About: Emily Freeman is a technologist and a storyteller who helps engineering teams improve their velocity. She is also the author of “DevOps for Dummies” and “97 Things Every Cloud Engineer Should Know.”

Social Authority Score: 77

139. Cybersecurity Meg

About: Cybersecurity Meg is a CISSP and Cybersecurity Incident Response Manager for a Fortune top 100 company. Her YouTube channel features educational videos on Cybersecurity and she has even participated in a Reddit AMA. She is currently living in Spain.

Social Authority Score: 69

140. Dr. Alissa Abdullah (Dr. Jay)

About: Dr. Alissa “Dr. Jay” Abdullah leads the Emerging Corporate Security Solutions team at Mastercard and is a Fortune 100 CSO and former White House Deputy CIO. Dr. Abdullah holds a PhD in Information Technology Management from Capella University, a master’s degree in Telecommunications and Computer Networks from The George Washington University, and a bachelor’s degree in mathematics from Savannah State University.

Social Authority Score: 60

141. Bill Detwiler

About: Bill Detwiler is Editor in Chief of TechRepublic and the host of Cracking Open, CNET, and TechRepublic’s popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor’s and master’s degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.

Social Authority Score: 45

142. Ellen Nakashima

About: Ellen Nakashima is a Pulitzer Prize-winning national security reporter for The Washington Post. She covers cybersecurity, counterterrorism, and intelligence issues and has been with The Post since 1995.

Social Authority Score: 75

143. Tim Starks

About: Tim Starks is a Cybersecurity reporter/senior editor at CyberScoop and has written about cybersecurity since 2003 when he began at Congressional Quarterly as a homeland security reporter. He also was the Statehouse Bureau Chief at the Evansville Courier & Press and established the Washington bureau of the New York Sun and was part of the Politico team. Tim is also the founder of The Queensberry Rules, dubbed an “indispensable boxing blog” by the Wall Street Journal.

Social Authority Score: 60

144. Justin Seitz

About: Justin Seitz is a Senior Security Researcher for Immunity, where he spends his time bug hunting, reverse engineering, writing exploits, and coding Python. He is the author of “Gray Hat Python”, the first book to cover the use of Python for security analysis. He is also the Creator of Hunchly, a web capture tool designed for online investigations.

Social Authority Score: 57

145. David Linthicum

About: David is the Chief Cloud Strategy Officer at Deloitte Consulting, and a cloud computing thought leader, executive, consultant, author, and speaker. David has written 13 books and over 5,000 articles on computing. He has made numerous appearances on radio and TV programs, and most recently, he was named the #1 cloud influencer in an Apollo Research report.

Social Authority Score: 51

146. Christiaan Beek

About: Christiaan Beek manages threat intelligence research within Intel Security’s Office of the CTO at McAfee. He speaks regularly at conferences, including BlackHat and BlueHat, and contributed to the best-selling security book “Hacking Exposed.”

Social Authority Score: 57

147. Swati Khandelwal

About: Swati Khandelwal is a Senior cybersecurity and privacy reporter and managing director at The Hacker News. She covers hacking-related articles and is a regular on Twitter.

Social Authority Score: 58

148. John Hammond

About: John Hammond is a Security Researcher at Huntress and former Department of Defense Cyber Training Academy curriculum developer. He developed training material and infosec challenges for events such as PicoCTF and the “Capture the Packet” competition at DEFCON US. He also has over 232k YouTube subscribers!

Social Authority Score: 65

149. Nikita Kronenberg

About: Nikita Kronenberg is an expert hacker and the Director of Content & Coordination at DEF CON. She is super active on the Twitterverse.

Social Authority Score: 57

150. Sam Curry

About: At only 21 years of age, Sam Curry is a full-time bug bounty hunter, most notably finding a security vulnerability in Tesla after cracking his windshield. Curry has spoken on ethical hacking, web application security, and vulnerability disclosure at conferences including DEFCON, Black Hat Briefings, and Kernelcon.

Social Authority Score: 65

151. Kelly Jackson Higgins

About: Kelly Jackson Higgins is the Executive Editor at Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. She was recently selected as one of the Top 10 Cybersecurity Journalists in the U.S. and named as one of Folio’s 2019 Top Women in Media.

Social Authority Score: 47

152. Matteo (Matthew Mitchell)

About: Matthew Mitchell AKA Matteo is the Founder of CryptoHarlem, which aims to drive security and encryption within the African American communities via educational tools. Matthew was also named a Wired 25 2020 and hosts a weekly Livestream on his site.

Social Authority Score: 62

153. Jenny Radcliffe

About: A self-professed “burglar for hire and professional con-artist” Jenny Radcliffe (The People Hacker) is a social engineer and Founder of Human Factory Security in the UK. She also hosts the award-winning podcast “The Human Factor” on her site which was named Best European Security Podcast 2018-2019.

Social Authority Score: 63

154. Peter Van Eeckhoutte

About: Peter Van Eeckhoutte is a Belgian-born cybersecurity researcher, hacker, founder of Corelan Team, and the author of the well-known tutorials on Win32 Exploit Development. Peter has been an active member of the IT Security community since 2000 and has presented at various international security conferences (Athcon, Hack In Paris, DerbyCon, ISSA Belgium).

Social Authority Score: 54

155. Daphne Keller

About: Daphne Keller directs the Program on Platform Regulation at Stanford’s Cyber Policy Center and was formerly the Director of Intermediary Liability at CIS. Her work focuses on platform regulation and Internet users’ rights. Until 2015 Daphne was Associate General Counsel for Google, where she had primary responsibility for the company’s search products.

Social Authority Score: 68

156. Chris Bing

About: Chris Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology, and policy for the American City Business Journals, DC Inno, International Policy Digest, and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. He is also a fan of the Premier League.

Social Authority Score: 71

157. evilsocket (Simone Margaritelli)

About: Simone Margaritelli, better known as evilsocket, is a former hacker who now breaks stuff to make the world a safer place. Based in Italy, Simone currently works as a mobile security researcher and senior developer at Zimperium’s world-renowned research and development team, zLabs.

Social Authority Score: 69

158. Lea Kissner

About: Dr. Lea Kissner is the Head of Privacy Engineering at Twitter, a member of the Advisory Board of the IAPP Privacy Engineering Section, and an organizer of the OURSA conference. She earned a PhD in computer science (with a focus on cryptography) at Carnegie Mellon University and a BS in electrical engineering and computer science from UC Berkeley.

Social Authority Score: 67

159. David Bisson

About: David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for IBM’s Security Intelligence, Associate Editor for Tripwire’s “The State of Security” blog, and Contributing Writer for Venafi. David has contributed 1,753 posts to The State of Security.

Social Authority Score: 49

160. Ted Demopoulos

About: Ted Demopoulos’ background includes over three decades of experience in Information Security and Business, including 30 years as an independent consultant. Ted helped start a successful information security company and was the CTO at a “textbook failure” of a software startup. He is a frequent speaker at conferences and other events, author of the forthcoming Infosec Consulting 101, and author of Infosec Rock Star: How to Accelerate Your Career Because Geek Will Only Get You So Far.

Social Authority Score: 49

161. Kelly Shortridge

About: Kelly Shortridge is co-author of Security Chaos Engineering (O’Reilly Media) and is best known for their work applying behavioral economics, resilience, and DevOps principles to information security. She has spoken at major technology conferences internationally, including Black Hat USA, O’Reilly Velocity Conference, and RSA Conference, and is a Pwnie Awards judge.

Social Authority Score: 67

162. Mohit Kumar

About: Mohit Kumar is the Founder and Editor-in-Chief of The Hacker News, which attracts over 10 million monthly readers. He is also a Cyber Security Analyst, Infosec blogger, speaker, and hacker.

Social Authority Score: 58

163. Christina Camilleri

About: Christina Camilleri is a Security Engineer at Netflix and video game enthusiast. Christina’s primary areas of expertise are web application penetration testing, open-source intelligence (OSINT), and social engineering. She has also won the highest scoring OSINT report for two years in a row in the DEFCON Social Engineering CTF.

Social Authority Score: 57

164. Dave Bittner

About: Dave Bittner is the producer and host of the CyberWire podcast, a top-rated daily cybersecurity news program produced in Baltimore. He is also a skilled public speaker, voice-over artist, emcee, actor, and singer.

Social Authority Score: 54

165. Ryan Naraine

About: Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. Ryan is a journalist and cybersecurity strategist with more than 20 years of experience covering IT security and technology trends. He is a co-founder of Threatpost and the global SAS conference series.

Social Authority Score: 74

166. Adrian Sanabria

About: Adrian Sanabria is Co-Founder and Director of Research at Savage Security. He has spent far more time dealing with PCI than is healthy for an adult male of his age. Adrian is involved in various volunteer projects within the security community, such as the National Board of Information Security Examiners’ (NBISE) efforts to provide analysis on information security job roles and hiring through the Operational Security Testing Panel.

Social Authority Score: 60

167. Chris Wysopal

About: Chris Wysopal is Co-Founder and Chief Technology Officer at Veracode and a member of the L0pht where he was a vulnerability researcher. In 2008, Wysopal was recognized for his achievements in the IT industry by being named one of the 100 Most Influential People in IT by eWeek and selected as one of the InfoWorld CTO 25.

Social Authority Score: 70

168. Rob May

About: Rob May is a TEDx presenter and a published author. He has the Freedom of the City of London, is a Liveryman in The Worshipful Company of World Traders, and has twice exercised his right to walk sheep over London Bridge! Rob is also on The Advisory Board of The Cyber Resilience Centre for the South East.

Social Authority Score: 75

169. Jeff Stone

About: Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation, and U.S. courts. He previously covered financial and legal aspects of security as an editor at the Wall Street Journal, and technology policy for sites including the Christian Science Monitor and the International Business Times.

Social Authority Score: 67

170. Dr. Jessica Barker

About: Dr. Jessica Barker is the Co-Founder and Co-Chief Executive Officer of Cygenta, and a leader in the human nature of cybersecurity. She has given cybersecurity outreach sessions to over 5,000 school students and was awarded as one of the UK’s Tech Women 50.

Social Authority Score: 57

171. Johnny Long

About: Johnny Long, otherwise known as “j0hnny” or “j0hnnyhax”, is a computer security expert and long-time Google hacking specialist. He is also the founder of Hackers for Charity, which collects computer and office equipment to donate to underdeveloped countries.

Social Authority Score: 44

172. Will Schroeder

About: Will Schroeder aka “harmj0y” is an offensive engineer and red teamer. He is a co-founder of Empire/Empyre, BloodHound, and the Veil-Framework, developed PowerView and PowerUp, is an active developer on the PowerSploit project, and is a Microsoft PowerShell MVP. He has presented at a number of conferences, including DEF CON, DerbyCon, Troopers, BlueHat Israel, and various Security BSides.

Social Authority Score: 64

173. Teri Radichel

About: Teri is the CEO of 2nd Sight Lab and is the founding organizer of the Seattle AWS Architects and Engineers Meetup which has nearly 3000 members. She is the author of “Cybersecurity for Executives in the Age of Cloud” and writes a blog called Cloud Security. Teri also received the SANS Difference Makers Award for cloud security innovation.

Social Authority Score: 55

174. Bill Brenner

About: Bill Brenner is the Director of Research at IANS and founder of The OCD Diaries, a blog that covers everything from the latest cyber news to his personal thoughts on various issues.

Social Authority Score: 48

175. Lenny Zeltser

About: Lenny Zeltser helps shape global cybersecurity practices by teaching incident response and malware defenses at SANS Institute. He is the CISO at Axonius and is also on the Board of Directors of the SANS Technology Institute. He has earned the prestigious GIAC Security Expert professional designation and developed the Linux toolkit REMnux, which is used by malware analysts throughout the world.

Social Authority Score: 59

176. Help Net Security (Mirko Zorz)

About: Mirko Zorz is the editor-in-chief at Help Net Security Publications, an independent cybersecurity news site since 1998. Help Net Security covers a wide range of topics, industry news, and expert analysis on what’s happening in the world of security.

Social Authority Score: 70

177. SecBarbie (Erin Jacobs)

About: Erin Jacobs aka SecBarbie is a Partner at UrbaneSec, BBS Sysop from the early 90’s turned business major, musician turned DJ, IT geek turned corporate sell-out CIO. She has presented at numerous high-profile security conferences including RSA, DEF CON, Brucon, Derbycon, Hack In The Box, and ISC2 Congress just to name a few.

Social Authority Score: 43

178. Dan Lohrmann

About: Dan Lohrmann is the Chief Strategist and CSO for Security Mentor. Dan led the Michigan government’s cybersecurity and technology infrastructure teams from May 2002 – August 2014. He is the author of two books – “Virtual Integrity: Faithfully Navigating the Brave New Web” and “BYOD For You: The Guide to Bring Your Own Device to Work.”

Social Authority Score: 54

179. Lorenzo Franceschi-Bicchierai

About: Lorenzo Franceschi-Bicchierai is a staff writer at VICE Motherboard in Brooklyn, New York, where he covers hacking, information security, and digital rights. Prior to working at Motherboard, Lorenzo worked at Mashable and at Wired’s Danger Room. In his spare time, you can find him eating mozzarella, or arguing with the referee during a soccer match.

Social Authority Score: 75

180. Joe Uchill

About: Joe Uchill is a Senior Reporter at SC Magazine. Joe is a long-time cybersecurity reporter who has written for places like Axios and Motherboard and has been covering cybersecurity since 2014.

Social Authority Score: 61

181. Lee Holmes

About: Lee Holmes is a Principal Security Architect in Azure Security, an original developer on the PowerShell team, fanatical hobbyist, and author of the Windows PowerShell Cookbook.

Social Authority Score: 64

182. Alison Gianotto

About: Alison Gianotto aka @snipeyhead has one of the most fascinating bios out there. She is a hacker and the CEO of Snipe-IT, a free open-source IT asset management application. She was featured in People Magazine, Web Designer Magazine, and co-authored several books on PHP/MySQL. Alison is also a nationally recognized expert on animal abuse and one of the 10 finalists in the Animal Planet Hero of the Year contest in 2006.

Social Authority Score: 75

183. Dave Shackleford

About: Dave Shackleford is the owner and principal consultant of Voodoo Security and faculty at IANS Research. Dave is a SANS Analyst, serves on the Board of Directors at the SANS Technology Institute, and helps lead the Atlanta chapter of the Cloud Security Alliance.

Social Authority Score: 47

184. Ashkan Soltani

About: Ashkan Soltani is an independent researcher and technologist specializing in privacy, security, and technology policy. Ashkan was also recognized as part of the 2014 Pulitzer-winning team for his contributions to the Washington Post’s coverage of National Security issues. Ashkan previously served as a Senior Advisor to the U.S. Chief Technology Officer in the White House Office of Science and Technology Policy and as the Chief Technologist for the Federal Trade Commission.

Social Authority Score: 70

185. Audrey Renée Bentley

About: Audrey Renée Bentley is a BioTech InfoSec specialist. She specializes in healthcare privacy and genomics. She maintains her BentleyBioSec Blog and has over 21k followers on Twitter.

Social Authority Score: 67

186. Daniel Cuthbert

About: Daniel Cuthbert is the Chief Operating Officer at SensePost, with a career spanning 20+ years in penetration testing, red teaming, and secure software design. He is the original co-author of the OWASP Testing Guide, released in 2003, and now the co-author of the OWASP Application Security Verification Standard (ASVS).

Social Authority Score: 74

187. Joseph Cox

About: Joseph Cox is a cyber journalist covering hackers, crime, and privacy for Motherboard. His work has appeared on VICE, Medium, HuffPost, VICE UK, Journal of Banking Regulation, Springer, The Daily Beast, MIT Technology Review, The Daily Dot, Times of Israel, NotebookReview, and more.

Social Authority Score: 77

188. Jek Hyde (Sophie Pingor)

About: Sophie Pingor, aka Jek Hyde, is a renowned pen tester and social engineer. She is a University of North Texas graduate with a degree in journalism. Sophie worked on the school newspaper and then after college started working at KERA radio in the Dallas-Fort Worth area. It was there that she became interested in security, volunteering for stories about the latest breaches.

Social Authority Score: 55

189. Chuck Brooks

About: Chuck Brooks is one of the most followed and well-recognized thought leaders in the cyber field. He was named by Thomson Reuters as a “Top 50 Global Influencer in Risk, Compliance,” and by IFSEC as the “#2 Global Cybersecurity Influencer” in 2018, and one of “The Top 5 Tech People to Follow on LinkedIn”. He was also appointed as Special Assistant to the Director of Voice of America under President Reagan and was a featured Homeland Security contributor for Federal Times.

Social Authority Score: 70

190. John Bambenek

About: John Bambenek is an Artisanal Malware Curator, bug data wrangler, and the President and Chief Forensic Examiner of Bambenek Consulting. He has appeared as an expert in the New York Times, Washington Post and was once on the Daily Show with Jon Stewart.

Social Authority Score: 59

191. Martin McKeay

About: Martin McKeay is a Senior Security Advocate at Akamai. He is the author of the Network Security Blog and host of the Network Security Podcast. Martin is also an advocate of the Payment Card Industry Data Security Standard.

Social Authority Score: 40

192. CyberStu (Stuart Peck)

About: CyberStu is the host and Co-Founder of the widely popular Many Hats Club podcast. Stu heads up Cyber Security Strategy for ZeroDayLab and has over 13 years of experience in the information security industry.

Social Authority Score: 71

193. Tyler Cohen Wood

About: Tyler Cohen Wood is an internationally recognized cybersecurity authority with 20 years of experience. She has helped the White House, DoD, federal law enforcement and the intel community thwart many cyber threats to the USA.

Social Authority Score: 69

194. Amanda Berlin

About: Amanda *patched* Berlin is a highly accomplished network defender and Lead Incident Detection Engineer at Blumira. Amanda serves as the founder and CEO of Mental Health Hackers, and co-host of the Breaking Down Security podcast. She is the author of a Blue Team best practices book called “Defensive Security Handbook: Best Practices for Securing Infrastructure.”

Social Authority Score: 63

195. Mark Lynd

About: Mark Lynd, Head of Digital Business at Netsync, is a top 20 ranked global thought leader, author, speaker, and practitioner for AI, Data Center IoT, and Cybersecurity. His notable keynotes include Intel, Cisco, Oracle, and IBM. His work has been featured in the WSJ, Information Week, eWeek, CRN, and CSO. Lynd is also a veteran who served honorably in the US Army’s 3rd Ranger Battalion & 82d Airborne.

Social Authority Score: 68

196. Camille François

About: Camille François studies how organized actors leverage digital technologies to harm society and individuals, from cyberwarfare to online harassment. She has investigated Russian interference in the 2016 Presidential election on behalf of the US Senate Select Intelligence Committee and served as a special advisor to the Chief Technology Officer of France. In 2019, Camille was recognized by the MIT Tech Review in its annual She was also named one of Time Magazine’s “100 Next” global leaders for her work on information operations.

Social Authority Score: 62

197. Byron Acohido

About: Byron Acohido is a Pulitzer Prize-winning journalist and the founder and executive editor of The Last Watchdog on Privacy & Security. He authored Zero Day Threat: The Shocking Truth of How Banks And Credit Bureaus Help Cyber Crooks Steal Your Money and Identity, a non-fiction thriller that received the 2009 NYSSCPA Excellence in Financial Journalism Award for general audience books.

Social Authority Score: 44

198. Nathaniel Gleicher

About: Nathaniel Gleicher is a computer scientist, lawyer, and the Head of Security Policy at Facebook. He has taught computer programming, built and secured computer networks, prosecuted cybercrime at the US Department of Justice, and served as Director for Cybersecurity Policy at the National Security Council (NSC) in the White House.

Social Authority Score: 66

199. Stephen Cobb

About: Stephen Cobb is a 25-year veteran of information security and data privacy and has been a CISSP since 1996. Stephen helped create several successful information security companies and is a frequent author and speaker on cyberthreats. He is a former SearchSecurity contributor and is currently senior security researcher for antivirus vendor ESET.

Social Authority Score: 65

200. Joshua Wright

About: Rogue hacker-turned-infosec-professional, Joshua Wright initially got into the infosec field after getting caught hacking, uncovering a vulnerability disclosure in the process. His infosec journey began in 1997, and he currently serves as director and senior security analyst for CounterHack.

Social Authority Score: 54

About Perimeter 81

Perimeter 81 transforms network access and security and helps organizations of all sizes and in many industries to secure their remote workers. Named a Gartner Cool Vendor, Perimeter 81 is considered by industry leaders to be winning the “SASE space race”. Learn more about Perimeter 81 here: https://www.perimeter81.com/

300% Growth of the Channel Business in 2020-2021

CRN, one of the top technology news and information sources for Managed Service Solution Providers, channel partners, and VARs, has selected Perimeter 81 as a 2021 Emerging Vendor for Security. Perimeter 81 was selected for its innovative Zero Trust networking solution and the 300% growth of the company’s channel business in 2020-2021.

The CRN 2021 Emerging Vendors list will be featured in the August 2021 issue of CRN Magazine and online at www.CRN.com/EmergingVendors.

“These are exhilarating times at Perimeter 81 as our business—especially our channel business—is experiencing some serious hypergrowth,” says Bob Kilbride, VP Channel Sales  at Perimeter 81. “MSPs really like our partner program and multi-tenant platform that enables them to turn Perimeter 81 into a secure Network-as-a-Service offering that generates recurring revenues. Perimeter 81 is very easy to use and our intuitive and elegant interface allows our partners to deploy a secure network for their customers in minutes.”

With the recent high-profile cyberattacks at Colonial Pipeline, VW, and Kaseya, businesses of all types and sizes realize that they can no longer ignore the dangers of ransomware and that Zero Trust Network Access is a necessity, not a luxury. 

“We’re thrilled to have been selected as one of CRN’s 2021 Emerging Vendors for Security,” said Amit Bareket, CEO and Co-Founder of Perimeter 81. “This award acknowledges our success in providing a holistic, rapidly scaling SASE framework that delivers the highest levels of cybersecurity for the hybrid workplace.”

 

Other Awards include Fast 500, Gartner Cool Vendor & More

“The CRN 2021 Emerging Vendors list honors forward-thinking technology suppliers that are redefining IT channel success by focusing on innovative products that help customers overcome the complex and ever-changing IT demands,” said Blaine Raddon, CEO of The Channel Company. “Solution providers in search of the latest innovative technologies can depend on the Emerging Vendors list as a trusted resource.” 

In addition to the CRN 2021 Emerging Vendor Award for Security, Perimeter 81 has been selected for numerous other awards, including Deloitte’s Technology Fast 500, Gartner Cool Vendor, the Red Herring Top 100, and many more.

Remote work is here for the long run, and as businesses adapt to the new normal, hackers are also adjusting to – and taking advantage of – this new status quo. The COVID-19 pandemic has changed the way we work by transitioning most of the workforce to be remote and turning our homes into offices. This shift has seen hackers and cybercriminals modify their approach and adapt their hacking methods accordingly.

The combination of rapid cloud adoption, BYOD, and remote work has opened the door to new breaches and hacks. This requires organizations to transform their defensive playbooks and to better understand how hackers are utilizing the crisis for data theft. Recognizing how criminal business models have evolved is key to protecting our data and resources in the present.

In early September, security researcher and “friendly hacker” Keren Elazari joined Sivan Tehila, Director of Solution Architecture at Perimeter 81, in a discussion about the evolution of security threats and cyber crime in our new remote work era. From Zoom bombing to account takeovers, access mining and phishing, Keren and Sivan shed light on emerging security threats and shared practical ideas on how to build a more secure future for your organization.

Keren kicked off the discussion by explaining that during the pandemic, criminals have amped up their activity. During the pandemic, we saw how adaptable hackers really are. Once a specific region was hit with COVID-19, cybercriminals hit those areas with phishing, malicious emails, contact tracing apps, etc. They have been following the pandemic and capitalizing on it. Keren also discussed access mining, AWS mining, malware, ransomware, island hopping, and more developing trends. Sivan followed up with examples from current events and trends from the industry. During the pandemic, more organizations have been adopting cloud-based solutions and rethinking their business continuity plan, especially healthcare and educational organizations that have been a hot target for hackers during the pandemic. 

What are some things that we should understand about the way a hacker’s mind works? 

Keren discussed how hackers are curious and constantly striving to find ways to use tools and processes in an unexpected way. For years, hackers have been “living off the land” and utilizing resources that they access in order to exploit them, especially during the pandemic. Keren gave examples of opportunities from within an organization that hackers leverage for their advantage. Additionally, hackers are finding ways to have more interaction with their targets in order to craft their attacks.  

Now that home is the new office, what does this mean for IT Managers, organizations, and employees?

In our new normal, the responsibility to secure our networks falls on all employees as well. Sivan explained that IT Managers must have a strategy in place in order to deal with the challenges of remote work, as well as make adjustments to their security training in order to find a balance between realistic security requirements from employees and the appropriate enforcement of policies. Attackers are becoming more sophisticated but when we use different layers of security, we can help protect our data and networks. IT Managers should adopt unified solutions that give them control and visibility of their network and users in one place, in order to simplify managing employees remotely. 

How has the rushed adoption of cloud computing and storage brought about more ways to exploit network vulnerabilities? 

Continuing from the previous question, Sivan discussed dark data and a lack of awareness of where remote employees are storing their data. When moving to cloud-based infrastructure, it is important to map out assets and prioritize security goals based on this map. When using the cloud, we use more applications and remote protocols in order to access data, so we must manage this remote access with the correct encryption and protocols in order to avoid hackers exploiting our networks. Keren expounded on how the land has expanded for cybercriminals – infinite computing power that they can leverage. When working from home, there are additional devices that we are using, and these are additional entry points for hackers. After providing some recent examples of vulnerabilities in existing systems, Keren explained how criminals are aware of the way we are using various tools and software.

Moving forward, how should organizations set up a business continuity strategy for cybersecurity? 

For the final question, Keren discussed multi-factor authentication and the need to eradicate passwords. We can take this pandemic as an opportunity to improve our security posture, throw old practices such as passwords out the window, and move on to more modern and more secure technologies. Sivan added the importance of going back to the basics and asking ourselves what type of adjustments we need to apply – how we identify a threat, how we protect our networks, and what new layers of security we need to adopt in this day and age. In the past we used to protect the perimeter; now we have to protect not only the outside but the inside of the network as well, with micro-segmentation and different security layers.

After an exciting discussion with insights, examples, and tips, the panelists moved on to answer questions from the audience. If you were unable to tune in live but still would like to address questions to the speakers, feel free to reach out to us on LinkedIn, Twitter, or Facebook.

About the Speakers

Keren Elazari is an internationally recognized security analyst, author and researcher. In 2014, Keren became the first Israeli woman to speak at the prestigious TED Conference. Keren holds a CISSP certification and a Masters in Security Studies, and is currently a senior researcher at the Interdisciplinary Cyber Research Center at Tel Aviv University. Keren is the founder of Israel’s largest security community, BSidesTLV, part of the global SecurityBSides movement, and the Leading Cyber Ladies global professional network for Women in Cyber Security.

Sivan Tehila is the Director of Solution Architecture at Perimeter 81. Sivan is a cybersecurity expert with over 13 years of experience in the industry, having served in the IDF as an Intelligence Officer and then in various field positions including Information Security Officer and a cybersecurity consultant. For the past two years, Sivan has dedicated herself to promoting women in cybersecurity and founded the Leading Cyber Ladies community in NYC.

1,000 Victims and Counting

The Kaseya cyberattack was just the latest in a slew of high-impact attacks in 2021. Hackers are becoming more strategic. Rather than targeting a specific small company for small gains, they are thinking big—both in terms of impact and the ransom size.

The hack represents an evolution over the Microsoft Exchange and SolarWinds hacks, which attacked the software supply chain. By targeting Kaseya, a platform for Managed Service Providers (MSPs), the hackers were able to shut down many companies at once—up to 1,000 at last count.

The cybercriminals are apparently “affiliates” of the Russia-linked REvil ransomware-as-a-service group. This group, which also shut down the JBS meat processors, is demanding $50,000 to $5 million in ransom directly from affected companies rather than from the MSPs or Kaseya. This approach will be more challenging for the FBI to track and manage and could be a workaround the hackers developed following the FBI’s seizure of the JBS ransom. 

 

Owning Up to a Data Breach (or Not)

Last week there was—or wasn’t—a data breach at LinkedIn. LinkedIn initially denied that any new data was being sold on the dark web but later claimed that 700 million users’ profiles were scraped, not stolen via a breach. Either way, the data of 700 million LinkedIn users is up for sale with potentially serious consequences, including identity theft and phishing—which could lead to ransomware attacks on corporations, government agencies, utilities, and more.

Unlike LinkedIn, which has still not officially notified its users, Kaseya quickly went into very visible public action. On July 2, Kaseya CEO Fred Voccola announced a potential attack against their VSA remote monitoring and management tool used by Managed Service Providers (MSPs) to provide networking services to external customers. Kaseya customers were told, even urged, to take their VSA Servers offline so that hackers could not get control of end-customer networks.

In addition, the company notified customers about the breach via email, phone, and regularly updated notices on their website. Finally, Kaseya has released a diagnostic tool for enabling MSPs to identify infected systems, and the company’s response team is working 24×7 to develop a fix.

 

SASE: A Unified Cybersecurity Approach

The attack against Kaseya is an additional proof-point for adopting a holistic and unified cybersecurity approach in today’s one-network world. One of the core benefits of the Secure Access Service Edge (SASE) model is its ability to mitigate phishing attacks in which employees open unfamiliar or deceptive emails and click on malicious links. 

One of SASE’s core features is a Secure Web Gateway (SWG) with URL filtering that can block suspicious links and prevent employees from opening them. In addition, a SASE-based platform allows IT teams to segment various parts of the network to limit the extent of a successful cyberattack. For example, if a computer or managed device is infected, the attack will only reach a limited number of resources in the specific network segment, preventing the ransomware from spreading across the organization.

Additionally, many ransomware attacks are generated from unmanaged devices connected to a secure network. SASE isolates unmanaged devices from the network through agentless Zero Trust application access, giving unmanaged devices access to specific networks by emulating the user’s session in the cloud and transmitting only an image to the user’s browser.

 

Become Invisible

In today’s world, anyone can be hacked, whether you’re one of the world’s leading companies or an SMB receiving managed services from a trusted provider. 

The most basic action to take is to “hide” your computing environments from the Internet so they’re invisible to outside hackers. Then, even if the hardware is vulnerable, it cannot be exploited from the outside.

But a better way is to move your computing resources to the cloud and employ secure networking as a service using a unified framework like SASE. The SASE framework offers an even better solution than the VPNs recommended by the FBI following the Kaseya malware hack. SASE doesn’t need costly hardware, easily scales, and offers Zero Trust access based on identity and context. As a result, this is the best way to stop the next ransomware attack.

 

A Few Last Thoughts on Safety

All social media, even LinkedIn, carries risks, and everyone should minimize the amount of offline contact information they share. Multi-factor authentication should be used wherever possible, especially with anything financial, and everyone should be wary of attachments, even from family members and coworkers. If something doesn’t feel quite right, whether it’s the style of the email, or the context, contact the sender via another form of communication to verify that they have indeed sent you something.

It’s no coincidence that the 50 MSPs affected by the Kaseya malware hack were using the on-premises version of the company’s VSA Server, not unlike the victims of the MS Exchange Server hack. The MSPs who were using the cloud were unaffected.

Secure cloud networking is undoubtedly the way to go.


Covid-19 Redux?

It took just ten days for Israel to reinstate its mask mandate for indoor public spaces. Daily cases of the new Covid Delta variant, first discovered in India, are rising rapidly, affecting unvaccinated children and adolescents and even some vaccinated adults. In the UK and the EU, the Delta variant is quickly spreading, and evidence suggests that it is 60% more transmissible than the first Covid-19 virus that plunged the world economy into chaos.

No one expected Covid-19 or its impact on the world economy in 2020. Neither did they expect the freak arctic winter storm that caused the Great Texas Blackout and nearly crashed the grid. Of course, natural disasters are hard to predict. So are unnatural disasters such as ransomware attacks on a hospital or medical clinic. But considering the business upheavals of 2020, it makes plenty of sense to be prepared for the unexpected. 

Agility or a Crisis? Which Comes First?

Organizations are most agile during a crisis. During the height of the Covid pandemic, GM and Ford rapidly converted idle vehicle production lines into ventilator production lines. Pfizer and BioNTech developed the corona vaccine in record time. And of course, many factories rapidly produced millions of surgical masks, whether from cloth, paper, or other materials. 

When failure is not an option, agility is often an outcome. People are forced to think out of the box, and the urgency of the tasks requires risk-taking. 

Agility can also be put into regular practice by tearing down hierarchies to create cross-functional teams that speed decision-making. Another technique is to divide larger projects or processes into smaller batches with quick feedback that can be rapidly implemented. Both these changes make people highly productive and enable them to continually refine and innovate to cost-effectively meet the goals of a project or the needs of a market. 

Creating an Agile Network

Initially formalized for software development, the agile mindset has been expanded as a general framework for business. And in our digital world, agility is equally applicable to corporate networks, where it is a key driver for migrating resources to the cloud. Cloud computing boosts organizations’ speed and scalability, enables rapid adjustments to changes in the market, and dramatically reduces IT costs.

Unlike the hardware and headquarters-based technologies that most companies used before Covid, cloud-delivered technologies enable IT and Security professionals to deploy networks in hours instead of weeks. They can add servers, applications, and databases without purchasing and waiting for the delivery of hardware and then spending hours and days on installations and configurations. 

Most importantly, cloud computing eliminates the need to deal with the constant stream of bug fixes and security updates. Just think of the risks of the 2021 Microsoft Exchange Server Hack vs. the safety of the cloud-based Outlook 365, and the choice is obvious.

Bringing Resources to the Edge

Network agility has rapidly progressed beyond cloud-based applications such as Gmail, Outlook, and Salesforce. There are now options for building virtual networks on the cloud, with all of the speed, scalability, and cost advantages of cloud computing. 

Network as a Service (NaaS) delivers networking “as a service,” providing access to networking tools and processes from a centralized location in the cloud. It can help IT teams deploy, interconnect and manage their networks, and optimize and segment access according to company policies. 

From the cloud, IT teams can deploy private gateways to connect international branches and employees with reduced latency and optimal speed, use a variety of tunneling techniques, segment network access, create access policies and enforce security measures such as Single Sign-On integration and Two-Factor Authentication. 

Stay Agile & Stay Safe

Network as a Service offers a low-latency and cloud-native solution. Providers will have multiple managed data centers throughout the world to bring networking to the edge where your employees are located. It lets you quickly and easily integrate networking and security functionality directly into cloud-based business applications such as Salesforce, Google Suite, AWS, and more. In addition, it offers a variety of security tools, including multifactor authentication, automatic Wi-Fi security, DNS filtering, device posture security, and more—from the ease of a single, integrated suite of applications. 

NaaS is part of the Secure Access Service Edge (SASE) blueprint for using software-defined edge networking, user-focused authentication, access control, and seamless integration across the cloud. It is a key enabler of the permanent hybrid workforce and delivers the agility we need to successfully handle seasonal hurricanes, snowstorms, and whatever Covid variant comes our way.