When security hits the headlines, it's not usually for positive reasons. Whether it's the latest data breach, or privacy scandal, you're left feeling that nothing is going right. It doesn't help that large business and governments around the world are continually undermining your security and privacy. However, behind all the headlines are security experts, researchers, and hobbyists working hard to make the world a safer place.

1. Malware Tech

Marcus Hutchins, who goes by the pseudonym MalwareTech, found his life flipped upside down in just a single day in May 2017. He had been paying close attention to the WannaCry ransomware attack which was crippling public services around the world. After registering the control server domain, the ransomware was stopped in its tracks.

Hutchins gained international infamy after British tabloids published his real name in the wake of the attack. A UK-native, he now resides in the US after his arrest while visiting the security conference DEF CON on hacking-related federal charges.

2. Sophie Daniel

Securing software is all well and good, but it overlooks one major security flaw: people. Social engineering is the use of deception to manipulate others into divulging personal or confidential information. In many cases, victims aren't even aware of the attack, which makes it difficult to defend against. Your workplace has probably tried to educate you against these attacks by not holding the door open for someone, for example.

Sophie Daniel, under the name Jek Hyde, is among the most notable penetration testers, having live-tweeted a physical pen-test in 2017. Organizations hire Sophie, and others like her, to break into their company and report back their findings. This work is usually shrouded in secrecy, but Sophie, a former journalist, writes about her experiences offering a fascinating insight into this hidden world.

3. Robert Baptiste

If you've watched USA Network's Mr Robot, then you might have shrugged this account off as guerrilla marketing for the well-received show. However, the name and Twitter handle (a reference to the show's fictional hacking collective) are just a homage. Instead, this account belongs to a French security researcher Robert Baptiste. He often publicly shames companies into acknowledging and fixing security flaws.

This is known as grey hat hacking, where the methods are questionable but the intent isn't malicious. Their efforts have yielded high profile results. After publicizing flaws in the Indian messaging app Kimbho, the story was picked up by international media including the BBC, and the app withdrawn.

4. Kimber Dowsett

Governments have a reputation for technological ineptitude. Bureaucracy and a lack of investment tend to stifle innovation, creating over-budget, under-supported, and insecure products. The problem hasn't gone unnoticed, leading the US General Services Administration (GSA) to launch 18F, a digital services agency for government organizations.

Kimberly Dowsett is a Security Architect and Incident Responder for 18F. Preventing attacks on government services is a vital part of her work. Alongside that, she developed a Vulnerability Disclosure Policy for the GSA, which guides researchers on how to report vulnerabilities to the US government.

5. Jeff Moss

These days, security and hacking conventions are a dime a dozen, but that wasn't always the case. Back in 1993, Criminal Justice graduate Jeff Moss planned a leaving party for a friend. However, when his friend couldn't make it, instead of calling it quits, Jeff invited his hacker friends along to Las Vegas.

He was coerced into hosting a meetup the following year, eventually turning DEF CON into an annual event. DEF CON has gone on to become a staple of the technology world with 22,000 people attending DEF CON 24 in 2016.

6. Whitney Merrill

Unsurprisingly, DEF CON has often held a less-than-favorable view of federal employees---this is the same event that used to organize a "Spot The Fed" contest after all. This began to change when FTC lawyer Whitney Merrill co-founded DEF CON's Crypto & Privacy Village. The village hosts interactive events and presentations around cryptography and privacy alongside the main event.

Her involvement with the Crypto Village isn't without precedent---Merrill's work led to her receiving the 2017 Women in Security award, and recognized as one of the top women in security by CyberScoop. Her contributions while at the FTC helped secure a $24 million fine from Publishers Business Services for deceptive trade practices. She can now be found at Electronic Arts (EA) as their Privacy, eCommerce & Consumer Protection Counsel.

7. Matt Tait

The Edward Snowden leaks proved that national security, online security, and politics are heavily intertwined. The documents uncovered the NSA's audacious surveillance programs and forced security and privacy into the mainstream. It's surprising then that Matt Tait, a former security specialist for the UK's NSA equivalent GCHQ, has become a prominent security expert.

Tait, better known as Pwn All The Things, who also worked for Google's Project Zero, is now a senior cybersecurity fellow at the University of Texas. His research explores the intersection between politics and security. After describing the time he was approached to cooperate with Russia to influence the 2016 US election, he was interviewed by the FBI's Robert Muller.

8. SwiftOnSecurity

Taylor Swift is best known as the multi-million selling pop icon, famed for her singles Shake It Off and Look What You Made Me Do. But in security circles, she is best known by her Twitter alter-ego SwiftOnSecurity (SOS). The infosec parody account, opened in 2014, struck a chord with security professionals around the world. As of June 2018, SOS has amassed 229,000 followers.

The success and longevity of SOS are because the person behind the account knows what they are talking about. Combining humor, security advice, and industry commentary SOS has managed to be still relevant four years later. Not much is known about the account's operator, and what little we do know is from their About page. However, their Twitter threads are often quoted and heavily shared, prompting a lot of discussions and educating readers around the world.

9. Damien Desfontaines

The privacy debate is often framed as a battle between absolutes; advocates on one side, tech companies on the other. What gets lost in that narrative is the many individuals working for the tech companies who passionately care about their work. Surprisingly, this is also the case at Google.

After obtaining a Master's degree in Mathematical Logic and Theoretical Computer Science, Damien Desfontaines was hired by YouTube's analytics team. However, the project was canceled, so Desfontaines shifted over to the Privacy team. Alongside the day job at Google, he is working towards a PhD on anonymization and writes as TedOnPrivacy.

10. Sophia McCall

One of the most daunting experiences is to be new at something. Whether that's meeting new people, or getting a new job, you may feel like you have no idea what you are doing. It's a shared experience, but not one that people often talk about. Cyber Security Management undergraduate Sophia McCall is bucking that trend. Her blog recently won the title of "Best new security blog in Europe" at the European Cyber Security Blogger Awards.

The blog is a "log [of her] journey from wannabe script kiddie, to information security professional." She acknowledges that before her degree she "didn't know how to install Kali - let alone banner grab or SQL Inject." In just a few short years, a lot seems to have changed, and in June 2018 she delivered her first conference talk at BSides London.

Which Security Experts Do You Follow?

Security can be intimidating, especially for newcomers. However, beginners needn't be worried, as taking these six free online courses will guide you through cybersecurity basics. Thankfully, there is a passionate community of security experts who not only want to make the world safer but share their knowledge too. This list only scratches the surface, but following these ten experts is a great place to start.

Of course, if you want to learn specific skills like ethical hacking, then you'll want to take one of these five courses. If it's advice you're after, then you should make these seven security forums part of your online life. Feel like you're ready for the next step? Maybe it's time you visited these ten resources for researching information security jobs.

Image Credit: Gorodenkoff/Depositphotos