Top CyberSecurity Influencers: Here’s What my Experiment Revealed

Here’s a quick analysis of security influencers compared to several lists by different influencer marketing software vendors.

By: Michael Brito

Category: Influencer Marketing

Below is a quick analysis I did on the top cybersecurity influencers. But are they actually the top influencers?

Ask any tech marketer how they measure influence, and you won’t get the same answer twice. This isn’t a bad thing. Influencer research should always be the first step and there are many variables to influencer measurement and these data points can be weighted differently based on goals, objectives, the industry, and the audience you’re trying to reach.

This is one reason why I’m not a fan of influencer lists. Whenever I present influencer data to clients, I’m always careful to say “these are 10 of the top security influencersnotthese are the top 10 security influencers.” It sounds similar but it’s not. Influencer measurement is subjective, to say the least.

Another reason I do this is because of granularity. In my research, influencers in malware are very much different than influencers in #secops, #devsecops or even SIEM. Categorizing influencers in the high-level topic of “security” isn’t as actionable.

I say all this because I wanted to do an experiment.

I Googled “top security influencers” and found several results of influencer lists. Most of them were from security software vendors (here, here, and here), a B2B tech marketing agency Marketing Envy and one from Onalytica — an influencer identification and management platform.

Of each list, there was one consistent security influencers that made the top five – Brian Krebs who owns/operates Krebs on Security, and he appeared on 4 of the 5 lists. Bill Brenner appeared on two different lists. Here’s a quick breakdown of each list (only the top 5 noted):


  • Brian Krebs – @briankrebs
  • Kevin Mitnick – @kevinmitnick
  • Bruce Schneier – @schneierblog
  • Troy Hunt – @troyhunt
  • Joseph Steinberg – @JosephSteinberg


  • Kim Zetter – @KimZetter
  • Brian Krebs – @briankrebs
  • Nicole Perlroth – @nicoleperlroth
  • Bill Brenner – @billbrenner70
  • Gene Kim – @RealGeneKim

Data Insider:

  • Adrian Sanabria – @sawaba
  • Ashkan Soltani – @ashk4n
  • Bill Brenner – @billbrenner70
  • Brian Honan – @BrianHonan
  • Brian Krebs – @briankrebs

Marketing Envy

  • Mikko Hypponen – @mikko
  • Graham Cluley – @gcluley
  • Katie Moussouris – @k8em0
  • Jeremiah Grossman – @jeremiahg
  • Brian Krebs – @briankrebs


  • Diana Kelley – @dianakelley14
  • Marco Ciappelli – @MarcoCiappelli
  • Rohit Ghai – @rohit_ghai
  • Wendy Nather – @wendynather
  • Shira Rubinoff – @Shirastweet

I’m not sure what kind of math, if any, was used in calculating these lists. It could have been just a ploy to get the attention of said influencers, which isn’t a bad idea if done right. I see this way too much from the content marketing and social media industry, and it bugs me. Let’s move on.

Over the last several years, I have been spending a lot of time building and analyzing audiences online. One audience, in particular, is the IT and business audience. This is important on many levels. You’ll see why. 

When doing influencer research, I very rarely account for influencer reach (or influencer follower count). What I do look for is whether or not specific influencers are referenced (or mentioned) by a specific audience. In this case … a real, self-identifiable audience made up of people that matter like security engineers, developers, architects, heads of security, etc. This to me should be weighted heavily when measuring influence.

In tech, security influencers consistently reference each other in social media. This happens all the time. They tweet an article, tag another influencer, add their own handle in the Tweet, flood with hashtags and then everyone else retweets. I’m not saying this is bad, good or whatever. It’s just what they do.

What I do want to know is which influencers, are being referenced by a specific audience or group of people. 

At Zeno, we have built an audience panel of 200K IT decision-makers (and growing) and we have the capability to filter and mine their sharing habits, conversations, media consumption, brand affinity, top interests and more. This is all publicly available data.

For this exercise though, we just filtered for each of the influencers above. In other words, I wanted to understand if any of the above influencers are reaching more than just other influencers. I needed two questions answered:

  1. Are these influencers known by this security audience?
  2. How often is this audience sharing influencer content, if at all?

Here are the results. 

The 4 influencers below were not mentioned by anyone from this IT security audience from June 2018 to July 2019. Most of them appeared on the list from Data Insider and one from Onalytica. Again, I’m not saying that they aren’t influential. They just aren’t being mentioned by this particular audience panel.

  1. Diana Kelley
  2. Adrian Sanabria
  3. Ashkan Soltani
  4. Bill Brenner

The others, well … were mentioned quite a bit.

What this data shows is that Brian Krebs was mentioned 17,570 times during this date range and from members of this audience, resulting in ~11M impressions. What’s interesting is that while Shira Rubinoff was mentioned less often than Brian, those mentions resulted in almost double the impressions.

There’s more.

Of the security influencers in this analysis, the following have been mentioned or referenced in the below media publications or have published bylines:

  • Brian Krebs has been mentioned in ZDNet, CNET, and Slashgear
  • Troy Hunt has been mentioned in CNET, TechDirt, Sahsdot, Data Breach Today
  • Bruce Schneier has been mentioned in the New York Times, TechDirt, Slashdot, Reuters, Data Breach Today
  • Gene Kim has been mentioned in Computer Weekly
  • Mikko Hypponen has been mention in CSO Online

Ok, so what? Let’s dig into this a little more and try to get some clarity.

Collectively, these security influencers have been mentioned in some very reputable media publications. The next question is whether or not our security audience reads these publications and at what frequency.

To answer this question, we cross-referenced the audience to see if they were reading and/or sharing content from these specific sites. The data shows that they do.

influencer marketing new york times

When analyzing just the sites in the data set, it shows that our audience prefers to read ZDNet 2x more than CSO Online and 3x more than the New York Times. The engagements represent the total number of social actions (likes, comments, shares, retweets, inbound links) from this audience. Again, we only looked at the media where influencers were mentioned over the last 12 months. No other sites were considered in this part of the analysis. I’ve also added UVMs for each media publication. The data is kind of meaningless but it looks good.

So, it’s safe to say that our influencers could very well be reaching security audiences in those specific media publications.

A couple of notes.

  1. This data does not account for the volume of articles published. That’s a different slice of the data but it’s important. For example, if ZDNet published 10,000 articles and CSO Online published 100 articles, it could be argued that this audience may actually prefer CSO over ZDNet.
  2. Initially, the filtering of this data was topical based using a security boolean. If we were looking at artificial intelligence or digital transformation, the above media would most likely be very different. So the takeaway is that these are the top sites that security pros read when consuming security content.
  3. The secondary filtering was for a finite set of media sites – NY Times, ZDNet, etc. We did this because the named influencers were mentioned there at some point over the last 12 months. The next logical question is, are there other media sites that are more or less popular among the audience?

The answer is yes. And here they are:

These are the top 10 media publications that security pros are reading when consuming security-related content, with no filtering whatsoever. You’ll notice some commonalities with the above graph, specifically that ZDNet is the most consumed media publication even when comparing to all other security publications.

As you can see, influencer research is a subjective practice. It requires an understanding of your business, marketing goals and KPIs. So the next time you see a list floating around on the internet, be skeptical, really skeptical.

But there’s still an unanswered question. Are these the top influencers in the enterprise security space? I honestly don’t know since our data sources were based on 5 existing influencer lists, nothing more. Perhaps that’s the next post.

It’s not good practice to manage influencer programs in a silo. It’s better to ensure that your program is fully integrated into your larger B2B social media marketing plan.

Please consider subscribing to my influencer marketing YouTube Channel where I post 2-3 videos per month or connect with me on Twitter or LinkedIn.

Never Miss A Post

Join over 10,000 people who get fresh content delivered straight to their inboxes.

What People Are Saying