Other Meaning Signals

Nobody writes better about the economics of cybersecurity. If you want to understand why security companies succeed or fail, start here.

Bugcrowd founder, hacker advocate, and someone who has thought more deeply about crowdsourced security than anyone alive.

Built Thinkst Canary to $20M ARR without VC money. The anti-hype, craft-first approach to building a security company.

Seventeen years running risk at Goldman Sachs, then Google Cloud CISO. Writes about security governance with a rigour most of the industry cannot touch.

Brought behavioural economics and systems thinking to security strategy. Her argument that control-oriented security is strategically bankrupt is one I keep coming back to.

Ex-Gartner, ex-Google. Decades watching what security teams actually do versus what vendors tell them to do. The SOC reality check the industry needs.

Ex-Cloudflare, Baselime founder. Sharp thinking on engineering leadership, observability, and AI. Writes like someone who has actually built and shipped.

Honeycomb CEO. Writes about the organisational reality of running technical teams with a directness that most leadership content lacks entirely.

CTO at Carta. His writing on how decisions actually get made in engineering organisations (as opposed to how leaders describe it) is required reading.

Building security for AI agents in production. His framing that "AI agent security in 2026 is where web security was in 2004" should worry everyone.

Created AFL, wrote The Tangled Web. The intellectual wildcard on this list. Eclectic, original, and allergic to clickbait.

Technical Director of Industrial Incident Response at Dragos. When things go wrong in the physical world, these are the people who get the call.

Rafal Los, James Jardine, and Jim Tiller. No-nonsense, no-sponsor security discussion. Running since 2011 and still one of the best.

Tom Eston and Kevin Johnson. The longest-running cybersecurity and privacy podcast. For actual humans, not vendor personas.