This is a list of cybersecurity people, news feeds, & podcasts I personally follow. I want to make something clear:
I follow these individuals, news feeds, and podcasts for their technical insight & not for their takes on politics, personal beliefs, or whatever else might pop up in their feed. People are complex, and following someone for their expertise in one area doesn’t mean endorsing all their views. If you don’t like how they butter their toast you don’t have to follow their advice on buttering toast.
The cybersecurity content space, especially on YouTube and social media, is full of grifters, hype machines, and snake-oil sellers. While I’m not aware of anyone on my list doing that, people change, sell out, or pivot to nonsense. If that happens, or someone can point to one of the people on this list doing that, I’ll remove them. My goal is to keep this list useful.
While not a perfect science, here are the red flags I look for when evaluating whether someone is legit or a grifter:
Overemphasis on Financial Gain
- Constant sales pitches: Excessive focus on the monetary benefits of the course rather than the knowledge imparted.
- Limited-time offers and scarcity tactics: Creating a sense of urgency to buy without providing substantial reasons. I feel it’s fine to put things on sale from time to time, but the overly pushy way some do this makes me really suspicious.
- Testimonials that seem too good to be true: Unrealistic claims of overnight success or life-changing transformations. Claims that people went from not knowing how to turn on a computer to making $200K in just one year in cybersecurity.
Lack of Substantive Content
- Vague or overly general promises: Broad claims about teaching “everything” without specifying the curriculum.
- Focus on hype rather than information: Emphasizing the “coolness” or “excitement” of the subject matter over practical application. People over-hyping becoming a hacker or building a SaaS APP in 24hrs is also just annoying.
- Reliance on clickbait and sensationalism: Using attention-grabbing titles or images without relevant content. Click interesting is fine provided they deliver on their claims.
Shady or Inflated Credentials and Lack of Social Proof
- Vague Background: Does not really go in depth about how they got into their career; they tend to talk around it but never give any real detail.
- Claims Job was Classified: These people are particularly infuriating. They love alleging having done Gov work but then claim all the amazing things they did are classified and you will have to trust just how awesome and important they are.
- Advisory Board Seat: As someone who has participated in and is currently on several advisory boards, I can say for certain it’s not that hard to get a position on one. Lots of companies do like having a board of people working in the industry offering insights, which sometimes leads to companies letting almost anyone on. The useless people will usually get tossed off the board for not contributing but will forever tout the fact they were on the board as why you should buy from them.
While not all people who engage in any of these things are automatically grifters, I feel comfortable saying that all grifters I have encountered engage in many of these tactics.
Podcasts
- Risky Biz https://risky.biz/
- Click Here Click Here Podcast | The Record from Recorded Future News
- Security Now GRC | Security Now! Episode Archive
- Open Source Security https://opensourcesecurity.io/
- Darknet Diaries https://darknetdiaries.com/
- 404 Media The 404 Media Podcast
My OPML File from my RSS Reader FreshRSS
It’s on GitHub to make it easier for me to update, and it has a mix of security and tech news.
Social Media Feeds
- cyb3rops https://x.com/cyb3rops
- Head of Research @nextronsystems | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge
- Kim Zetter https://x.com/KimZetter
- Journalist - cyber/national security. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World’s First Digital Weapon. https://zetter-zeroday.com
- Maddie Stone https://x.com/maddiestone
- Security Researcher. Previously Google Project Zero and TAG | 0days all day. Love all things bytes, assembly, and glitter.
- Cody Glyer https://x.com/cglyer
- Microsoft Threat Intelligence Center - Former Incident Responder & Chief Security Architect @Mandiant
- ImposeCost https://x.com/ImposeCost
- Head of Research and Discovery (RAD) @Google Threat Intelligence Group via @Mandiant acquisition. Posts are attributable to me—not my employer. Former @USMC
- Cody Kretsinger https://x.com/CodyKretsinger
- Security Researcher, Recovering Red Teamer, Speaker & Author. Former LULZSEC Member. Cofounder @bsidespeoria & IL Cyber Foundation.
- 4n6lady https://x.com/4n6lady
- DFIR & #BlueTeam | IR & Threat Detection | #OSINT enthusiast | waiting for HL3 | AWS CIRT
- Andy Greenberg https://x.com/a_greenberg
- WIRED writer, author of SANDWORM and now TRACERS IN THE DARK
- Costin Raiu https://x.com/craiu
- Cybersecurity researcher focused on threat intel & APTs. Breaking down attacks, hunting threats, and crafting YARA rule
- Juan Andrés Guerrero-Saade https://x.com/juanandres_gs
- Executive Director for Intelligence and Research @SentinelOne | Distinguished Fellow, @SAISHopkins Alperovitch |LABScon|Cyber Paleontologist|4thParty Collector
- GossiTheDog Kevin Beaumont (@GossiTheDog@cyberplace.social) - Cyberplace
- Cybersecurity weather person and award winning shitposter. Shitposting is an anagram of Top Insights. You may be surprised to know I am not representing my employer here and these are not their opinions.
- Also on @doublepulsar.com on Bluesky
- Tib3rius @tib3rius.bsky.social on Bluesky
- Web App (mostly) Hacker @NetSPI | Cybersecurity Educator | Content Creator
- SwiftOnSecurity Bluesky
- computer security person. former helpdesk.
- Molly White @molly.wiki on Bluesky
- independent writer of citationneeded.news and @web3isgoinggreat.com • tech researcher and cryptocurrency industry critic • software engineer • wikipedian
- Meredith Whittaker @meredithmeredith.bsky.social on Bluesky
- President of Signal, Chief Advisor to AI Now Institute
- Jake Williams @malwarejake.bsky.social on Bluesky
- Breaker of software, responder of incidents, IANS Faculty, VP R&D Hunter Strategy
- MalwareTech @malwaretech.com on Bluesky
- Cybersecurity Specialist, Public Speaker, Ex-Hacker.
- Pylos @pylos.co on Bluesky
- Threat Intel / CTI / OT / ICS / Critical Infra stuff along with other things. I genuinely care, and wish others did too.
- vx-underground @vxundergroundre.bsky.social on Bluesky
- The largest collection of malware source code, samples, and papers on the internet.
- John Strand @strandjs.bsky.social on Bluesky
- I do cool Infosec stuff with cool people.
- Jayson E. Street @jaysonstreet.bsky.social on Bluesky
- Hacker - Helper - Human JaysonEStreet.com
- HackingLZ @hackinglz.hackpwn.net on Bluesky
- CTO @TrustedSec.com Former Optiv/SecureWorks/Accuvant Labs/Redspin
- Kostas Tsale @kostastsale.bsky.social on Bluesky
- @thedfirreport.bsky.social | kostas.page | Opinions are mine only!
- The DFIR Report @thedfirreport.bsky.social on Bluesky
- Real Intrusions by Real Attackers, the Truth Behind the Intrusion.
- likethecoins @likethecoins.bsky.social on Bluesky
- SANS Certified Instructor for FOR578: CTI
- Eva Galperin Bluesky
- Director of Cybersecurity @eff.org Co-founder of @stopstalkerware.bsky.social
- Zack Whittaker @zackwhittaker.com on Bluesky
- Security editor, TechCrunch
You can also share this via my short URL https://lawrence.video/cybernews