Based in Minneapolis, Minnesota, USA

Cryptographer, security technologist, Fellow and Lecturer at Harvard Kennedy School, Chief of Security Architecture at Inrupt, board member of the Electronic Frontier Foundation, and the most prolific and widely read public intellectual on cybersecurity in the world — author of over a dozen books including Data and Goliath, Click Here to Kill Everybody, and the forthcoming Rewiring Democracy. His blog Schneier on Security has been publishing since 2004 and his monthly newsletter since 1998. Throughout 2025-2026, Schneier published articles in Time, The Guardian, IEEE Security & Privacy, Lawfare, and dozens of other outlets on AI hacking, autonomous cybersecurity agents, government surveillance, and digital democracy — speaking at the Munich Cybersecurity Conference, Cambridge University, and RSAC 2026 on March 25, 2026. The most consistently important and intellectually rigorous public voice on cybersecurity as a societal challenge rather than merely a technical one.

Based in Gold Coast, Australia

Creator of Have I Been Pwned — the most widely used data breach notification service in the world, now monitoring billions of compromised credentials and trusted by governments and organisations globally — Microsoft MVP, cybersecurity educator on Pluralsight, and one of the most practically useful and accessible cybersecurity voices for a general professional audience. Throughout 2025-2026, Hunt remained one of the most active and practically useful cybersecurity communicators globally — his blog, LinkedIn, and social media content explaining real-world breaches, privacy implications, and security best practices in plain language that non-specialists can act on. The most important practitioner-educator in cybersecurity who makes the profession accessible to people who are not security professionals but need to understand it.

Based in Arlington, Virginia, USA

Independent investigative journalist, author of Spam Nation — a New York Times bestseller on cybercrime — creator and editor of KrebsOnSecurity.com, and the most important cybercrime investigative journalist in the world. Throughout 2025-2026, Krebs's daily blog remained the most consistently authoritative source of original investigative reporting on cybercrime, ransomware gangs, data breaches, and the underground economy that enables them. His willingness to name perpetrators, trace criminal networks, and publish findings that corporate and government sources prefer to bury makes him genuinely irreplaceable in the cybersecurity information ecosystem. A former Washington Post journalist who left institutional journalism to do better journalism independently.

Based in Washington, D.C., USA

Former Director of the Cybersecurity and Infrastructure Security Agency (CISA) — the US federal agency responsible for protecting critical national infrastructure — combat veteran, former Wall Street executive, and the most senior cybersecurity government official to build a genuine public personal brand during her tenure. Throughout 2025-2026, following her departure from CISA, Easterly remained one of the most prominent public voices on critical infrastructure protection, election security, cyber resilience, and the mental health of the cybersecurity workforce — an unusually human-centred voice in a profession that often speaks exclusively in technical terms. Her combination of national security credibility, operational experience, and genuine public communication skills makes her one of the most trusted and broadly accessible voices in cybersecurity.

Based in San Francisco, California, USA

Former lead cybersecurity reporter at The New York Times for over a decade, author of This Is How They Tell Me the World Ends — the New York Times bestseller and most widely read book on the global cyberweapons arms race — founder of Silver Buckshot Ventures, Venture Partner at Ballistic Ventures, and member of the DHS Cybersecurity Advisory Committee. Throughout 2025-2026, Perlroth's continued public writing, advisory work, and media appearances on nation-state cyber threats, the zero-day market, and what the cyberweapons proliferation crisis means for global security continued to make her the most important journalist-turned-advocate in cybersecurity. Her book remains the essential popular account of how governments buy and use offensive cyber capabilities.

Based in San Francisco, California, USA

Director of Cybersecurity at the Electronic Frontier Foundation and the most important voice in the world on the specific cybersecurity threats facing vulnerable populations — journalists, activists, domestic abuse survivors, and dissidents who are targeted by stalkerware, government spyware, and intimate partner surveillance. Creator of the Coalition Against Stalkerware, which has coordinated the cybersecurity industry's response to the stalkerware threat, and one of the most practically impactful figures in cybersecurity — measuring success not in enterprise deals but in the safety of people at genuine personal risk. Throughout 2025-2026, Galperin's advocacy, technical work, and public communications on stalkerware, NSO Group's Pegasus spyware, and what digital safety for vulnerable people actually requires continued to make her one of the most morally serious and practically consequential voices in the field.

Based in Helsinki, Finland

Chief Research Officer at WithSecure (formerly F-Secure), one of the most respected malware researchers in the world, and the most widely known and trusted cybersecurity voice in Europe — a TED Talk speaker whose 2011 talk on malware is among the most watched cybersecurity presentations ever delivered. Throughout 2025-2026, Hyppönen's continued research output, speaking at major global security conferences, and social media presence on emerging threats, AI in cybersecurity, and the geopolitics of cyber warfare continued to make him the most internationally credible and accessible cybersecurity voice operating outside the US. His combination of genuine technical depth and extraordinary ability to communicate complex threats to general audiences makes him one of the most valuable public educators in the profession.

Based in Washington, D.C., USA

Co-founder of CrowdStrike — the cybersecurity company whose investigation into the 2016 Russian hacking of the Democratic National Committee made it one of the most prominent names in global cybersecurity — Chairman of the Silverado Policy Accelerator think tank, and the most credible and analytically rigorous voice on the geopolitics of cyber threats, nation-state hacking, and what effective national cybersecurity strategy requires. Throughout 2025-2026, Alperovitch's public commentary on Chinese and Russian cyber operations, US cyber policy, and the strategic dimensions of the global cyber threat landscape continued to be among the most widely cited analysis available to policymakers, journalists, and senior business leaders navigating geopolitical cyber risk.

Based in San Francisco, California, USA

CEO of SocialProof Security, multiple winner of the social engineering competition at DEF CON — the world's largest hacker conference — and the most publicly engaging and accessible voice on social engineering, human hacking, and why people rather than technology remain the most exploitable vulnerability in most security programmes. Throughout 2025-2026, Tobac's conference appearances, media commentary, and social media content on how attackers manipulate people into giving up access and information continued to reach both security professionals and general audiences with practical, immediately actionable guidance. Her ability to demonstrate social engineering attacks in live settings — making the abstract threat viscerally real — makes her one of the most effective security educators working today.

Based in San Francisco, California, USA

Founder of Mandiant — the incident response and threat intelligence firm that identified numerous major nation-state cyberattacks before its acquisition by Google — former CEO of FireEye, and one of the most operationally experienced voices on what responding to advanced persistent threats actually looks like from the inside. Throughout 2025-2026, Mandia's continued advisory work, conference appearances, and public commentary on nation-state cyber intrusions continued to make him one of the most credible and practically experienced voices on advanced cyber threats. His first-hand experience investigating Russian, Chinese, Iranian, and North Korean cyber operations gives his analysis an operational authority that academic or policy voices cannot match.

Based in New York City, New York, USA

Cybersecurity executive advisor, global keynote speaker, co-founder of two cybersecurity product companies, author of Cyber Minds, YouTube channel host with over 233,000 subscribers, and one of the most widely followed and publicly engaged cybersecurity voices globally — with a particular focus on the human and leadership dimensions of cybersecurity alongside its technical aspects. Throughout 2025-2026, Rubinoff's content, speaking, and advisory work continued to make her one of the most prolific and visible cybersecurity communicators in the world. Named one of New Jersey's Best 50 Women in Business, Woman of Influence by CSO Magazine, and recognised for her work promoting women in technology and cybersecurity.

Based in Los Angeles, California, USA

The security researcher who in May 2017 accidentally stopped the WannaCry ransomware attack — which was devastating global infrastructure including the UK's National Health Service — by registering a kill switch domain, and subsequently one of the most technically accomplished and publicly trusted security researchers working in public communication. Throughout 2025-2026, Hutchins's blog, YouTube channel, and social media content on malware analysis, reverse engineering, and security research continued to reach hundreds of thousands of security professionals and enthusiasts globally. His extraordinary personal story — from accidental global hero to convicted hacker to respected security researcher — and his genuine technical depth make him one of the most compelling and followed voices in the security research community.

Based in Oxford, UK

Award-winning cybersecurity journalist, podcaster, blogger, and public speaker with over three decades in the industry — creator of the first version of Dr. Solomon's Antivirus Toolkit in the early 1990s, former researcher at Sophos, host of the Smashing Security podcast (one of the most widely listened-to cybersecurity podcasts globally), and the most entertaining and accessible cybersecurity communicator working in the UK. Throughout 2025-2026, Cluley's twice-weekly podcast, daily blog, and conference appearances continued to make him the most widely trusted independent voice on cybersecurity news and analysis for professionals who want substance delivered with genuine wit. His combination of technical depth and genuine irreverence makes him uniquely accessible in a profession that takes itself very seriously.

Based in Seattle, Washington, USA

Founder and CEO of Luta Security, creator of the first bug bounty programmes at Microsoft and the US Department of Defense, and the most important individual in the development of coordinated vulnerability disclosure as a professional practice. Throughout 2025-2026, Moussouris's advocacy for ethical security research, her public commentary on AI vulnerability disclosure, and her continuing work on vulnerability coordination policy continued to make her one of the most influential figures in how the cybersecurity industry handles the responsible disclosure of security flaws. Her work has saved billions of dollars in potential damages and made the internet measurably safer — and her public voice on what ethical security research requires is among the most credible available.

Based in Washington, D.C., USA

Former Director of CISA under President Trump — from whom he was fired via tweet after certifying the 2020 election was secure — founder of Krebs Stamos Group alongside Alex Stamos, and one of the most credible and trusted voices on election security, critical infrastructure protection, and what effective federal cybersecurity governance requires. Throughout 2025-2026, Krebs's public commentary on the restructuring of US cybersecurity agencies, election security under the new administration, and the geopolitical cyber threat landscape continued to make him one of the most important independent voices on public-sector cybersecurity — someone whose credibility comes precisely from his willingness to say what is inconvenient to those in power.

Based in Oxford, UK

Founding CEO of the UK's National Cyber Security Centre (NCSC) — which he built from inception in 2016 into one of the most respected national cybersecurity agencies in the world — Professor at the Blavatnik School of Government at Oxford University, and the most credible voice in Europe on what effective national cybersecurity governance looks like in practice. Throughout 2025-2026, Martin's public writing, speaking, and media commentary on ransomware policy, state-sponsored cyber threats, and what national cyber resilience requires continued to make him the most authoritative independent voice on public-sector cybersecurity strategy in the UK and one of the most respected globally. His combination of direct government operational experience and academic independence gives his views a weight that neither pure academics nor current officials can match.

Based in Mountain View, California, USA

VP of Engineering at Google and the leader of Chrome Security — one of the largest and most consequential browser security programmes in the world, protecting over 3 billion users — and widely known within the security community as "Security Princess," a title she put on her own business cards early in her career as a deliberate subversion of cybersecurity's gender norms. Throughout 2025-2026, Tabriz's leadership of Chrome's security architecture, her public speaking on engineering at scale, and her advocacy for increasing diversity in the security profession continued to make her one of the most respected and influential figures in product security. Her work protecting the browser through which most people experience the internet makes her arguably the single most impactful individual in user-facing internet security.

Based in Mountain View, California, USA

Cybersecurity entrepreneur, author of IN Security: Why a Failure to Attract and Retain Women in Cybersecurity is Making Us All Less Safe, founder of the IN Security Movement, and the most prominent advocate for gender diversity in the cybersecurity profession globally. Throughout 2025-2026, Frankland's writing, speaking, and advocacy work continued to make the evidence-based case that a profession with a severe talent shortage is making that shortage worse by failing to attract and retain women. Her combination of practitioner credibility (she ran her own cybersecurity company for years before becoming an advocate) and data-driven approach to diversity makes her one of the most respected voices on both the business and ethical case for inclusion in security.

Based in San Francisco, California, USA

Security professional, creator of Unsupervised Learning — one of the most widely read cybersecurity and technology newsletters in the world — and one of the most analytically sharp voices on the intersection of AI and cybersecurity, providing weekly synthesis of the most important developments at this critical junction. Throughout 2025-2026, as AI transformed the threat landscape at an extraordinary pace, Miessler's Unsupervised Learning newsletter and podcast became essential weekly reading for security professionals trying to make sense of what AI means for both attackers and defenders. His ability to synthesise rapidly changing developments into clear, actionable frameworks makes him one of the most practically useful voices in the profession.

Based in New South Wales (NSW) North Coast, Australia

Host and co-founder of the Risky Business podcast — widely regarded as the most technically rigorous and entertaining cybersecurity news podcast in the world, with a loyal global audience of security professionals — and one of the most trusted independent voices in cybersecurity journalism. Throughout 2025-2026, Risky Business continued its extraordinary run of weekly episodes delivering sharp, opinionated, technically credible analysis of the most important cybersecurity developments globally. Gray's ability to attract the most senior and knowledgeable guests in the industry and ask them the questions that matter — rather than the questions that are safe — makes his podcast the essential weekly audio briefing for serious security professionals.

Based in Melbourne, Australia

Principal Threat Analyst at Dragos — the industrial cybersecurity company — and one of the most respected and publicly trusted voices on industrial control system (ICS) and operational technology (OT) security, with particular expertise in protecting power grids, water systems, and other critical infrastructure from cyberattack. Throughout 2025-2026, as attacks on critical infrastructure intensified globally, Carhart's technical writing, conference talks, and social media content on ICS/OT security continued to make her the most practically authoritative public voice on the specific security challenges of protecting the physical infrastructure that modern society depends on. Her directness, technical depth, and genuine commitment to public service make her one of the most respected figures in the security community.

Based in San Francisco, California, USA

Former Chief Security Officer at Facebook and former CISO at Yahoo, co-founder of Krebs Stamos Group alongside Chris Krebs, adjunct professor at Stanford's Freeman Spogli Institute, and one of the most credible and analytically rigorous voices on platform security, disinformation, and the policy dimensions of cybersecurity. Throughout 2025-2026, Stamos's public commentary on AI security, platform trust and safety, election interference, and what responsible corporate cybersecurity leadership requires continued to be widely cited and discussed. His willingness to speak candidly about the failures he witnessed at Facebook makes him a more credible voice on platform security than most.

Based in Austin, Texas, USA

Author of Tribe of Hackers — the most widely read community-built cybersecurity career guide, featuring insights from dozens of leading practitioners — CEO of Threatcare, and one of the most genuinely community-oriented voices in cybersecurity, dedicated to making the profession accessible to people from non-traditional backgrounds. Throughout 2025-2026, Carey's writing, community-building, and advocacy for diversity in the security profession continued to make him one of the most practically useful voices for people entering or navigating careers in cybersecurity. His military background, technical depth, and genuine commitment to lifting others makes him one of the most trusted community figures in the profession.

Based in Northport, New York, USA

Founder of Cybersecurity Ventures and Editor-in-Chief of Cybercrime Magazine — the most widely cited source of cybercrime and cybersecurity market data globally, including the widely referenced prediction that cybercrime will cost the world $10.5 trillion annually by 2025 — and the most prolific producer of cybersecurity market research and editorial content in the industry. Throughout 2025-2026, Cybersecurity Ventures' reports, predictions, and editorial content continued to be cited in board presentations, government briefings, and media coverage globally — making Morgan the most influential data and narrative framer in the cybersecurity industry. His role in quantifying the cost of cybercrime has fundamentally shaped how boardrooms and governments think about cybersecurity investment.

Based in Clearwater, Florida, USA

Founder and CEO of KnowBe4 — the world's largest security awareness training platform, with over 65,000 organisations globally using its simulated phishing and security training tools — and the most practically impactful voice on the human element of cybersecurity: the reality that people, not technology, remain the most commonly exploited vulnerability in most organisations. Throughout 2025-2026, Sjouwerman's blog, speaking, and public advocacy on security awareness, phishing defence, and what genuinely effective human security training requires continued to make him one of the most commercially credible and practically influential voices on the specific challenge of changing human behaviour in cybersecurity. His company's scale — protecting tens of millions of employees — gives his perspective on what works an empirical grounding that few others can claim.