Top 10 AppSec Experts You Should Follow

GitGuardian narrowed down a list featuring the top 10 AppSec industry leaders we could find. It wasn’t an easy task, trust us.
So, without further ado, we give you our list of 10 AppSec experts you should follow.

1. Jean-Baptiste Aviat

Why follow Jean-Baptiste:

Jean-Baptise Aviat or simply Jb to friends, is a Parisian-based widely recognized cloud and application security expert. Don’t let your dev team burn out. Jb will give you the inside scoop for Onboarding developers & setting them up for success.

Curious about how to leverage LLMs with cloud security against emerging attacks? Our team highly suggests the all-star keynote panel on LLMs Need Security Too featuring Jean-Baptiste, who is joined by fellow colleague, Izar Tarandach, Senior Staff Engineer at Datadog, and Lakera CEO, David Haber.

Jean-Baptiste is currently the Staff Engineer for Security Products at Datadog and Co-founder/CTO of Sqreen, a SaaS platform that protects web-based applications with no source code modification or traffic redirection.

Check out his latest posts here

2. James Berthoty

Why follow James:

James Berthoty is a renowned cloud security and DevSecOps expert and sought-after keynote speaker with a wickedly cool sense of humor. Whether it's gaining invaluable Kubernetes vulnerability scanning tips with ChatGPT or finding out How to Setup GitLab Protected Branches, as fast as possible, James is your virtual tour guide.

One of the most highly recommended videos our team suggests rewatching is How to Shift Left featuring StackHawk CSO, Scott Gerlach, where he goes in-depth on the people, processes, and technologies that keep organizations safe.

James is also the Founder of Latio Tech, a trusted resource for cloud security product comparisons, and a Security Engineer III at PagerDuty.

Check out his latest posts here

3. Anshuman Bhartiya

Why follow Anshuman:

Need ideas on how to build a security roadmap or ways to supercharge your bug bounty programs? Then you definitely have to follow Anshuman. Our researchers absolutely recommend his keynote from ROOTCON on Bug Bounty Hunting on Steroids and Cybersecurity and Cloud Podcast on Demystifying Application Security Programs.

Anshuman was recently a guest on Tanya Janca’s We Hack Purple Podcast, where he shared his views on the topic of how the SAST industry seems to be divided into two camps. Which one are you with? Watch and find out.

Anshuman is currently the Staff Security Engineer and AppSec Tech Lead for Lyft, having previously served as the Principal Security Engineer at Atlassian and as the Senior DevSecOps Engineer at Intuit among his impressive resume.

Check out his latest posts here

4. Renaud Deraison

Why follow Renaud:
When you think of AppSec pioneers and visionaries, Renaud Deraison comes top of mind. Renaud is the Co-Founder of Tenable, a global leading exposure management platform. So, it goes without question that he is one of the foremost experts in the industry.

His thought leadership piece on The Argument for Risk-Based Security tools you use is a must-read that any security professional can benefit from.

Renaud Deraison has spent the past two decades building Tenable, before ringing the prestigious NASDAQ bell, where he helped guide the company to a successful IPO in 2018.
Check out his latest posts here

5. Clint Gibler

Why follow Clint:

Looking for a new or better security tool to simplify your day-to-day operations? Clint Gibler can help with that. Clint is the founder of tl;dr sec, an AppSec-geared newsletter that will put you in the driver’s seat when it comes to securing your software supply chain. Over 25,000 security professionals will agree. Clint is an expert on AI and LLMs and how they can be applied to tighten your GitHub/GitLab security postures.

You’ll definitely want to check out his keynote from last year’s sec4dev conference on Scaling AppSec where he talks about empowering developers with frameworks and guardrails. We also recommend his talk where he gives An Opinionated Guide to Scaling Your Company's Security.

In between crafting valuable new content for his popular newsletter, Clint currently serves as the Head of Security Research at Semgrep.

Check out his latest posts here

6. Chris Hughes

Why follow Chris:
If there is anyone who is a “must-follow” on any AppSec list, it’s Chris Hughes. Chris is the founder of the Resilient Cyber Podcast, where he discusses the various obstacles and hurdles plaguing AppSec and DevSecOps with the most well-reputed industry leaders in the field. Some of the hottest topics include vulnerability management, cloud security, and one we highly recommend on the Challenges in SCA/SBOM.
Our researchers strongly recommend his most recent article on Software Supply Chain Security in DevSecOps & CI/CD. It includes a great visualization and important risk factors to pay close attention to.

Chris is the President of Aquia and a Cyber Innovation Fellow (CIF) in software Supply Chain Security. He also serves as the Chief Security Advisor for Endor Labs and as an Advisor for TestifySec.

Check out his latest posts here

7. Tanya Janca

Why follow Tanya:
Tanya Janca, AKA SheHacksPurple, is one of the most sought-after and active leaders in application security. She is also the founder of We Hack Purple, a learning platform dedicated to teaching Application Security, DevSecOps, and Cloud Security. Tanya is an award-winning public speaker, active blogger & live streamer with hundreds of informative talks and trainings that span six continents.

Her recent keynote at the 2023 RSA Conference on DevSecOps Worst Practices is an absolute must-watch as she shares her frustrations with bug fixes and simple, yet costly mistakes made in Kubernetes containers.

Tanya is currently the Head of Education and Community at Semgrep. By the way, here is a quick wrap-up we did with Tanya on her famous DevSecOps Worst Practices.

Check out her latest posts here

Our Security Repo podcast starring Tanya

8. Daniel Miessler

Why follow Daniel:

Daniel Miessler is a cybersecurity superstar. He is the voice behind Unsupervised Learning, a treasure trove full of valuable information, ranging from regularly updated blogs, podcasts, and other personal thought perspectives to keep you highly engaged for a very long time!

It was quite a challenge for our team to pick just one content piece of his, so we asked them to give us a few. Here they are:

The AI Attack Surface Map v1.0

Don’t Fix Things; Build Pipelines

He even sat down with fellow influencer Clint Gibler to discuss The Future of AI & Security on a recent episode of Clint Collabs.

Daniel Miessler has over 25 years of experience and some of the most impressive accomplishments you will come across. He is a regular contributor to Forbes, CNET, and Dark Reading. Prior to founding Unsupervised Learning, he had served as Head of Business Intelligence and Information Security at Apple, and as Project Leader of the OWASP Mobile Top 10.

Check out his latest posts here’s

9. Jérôme Robert

Why follow Jérôme:

Jérôme Robert can help enlighten you on the topics of machine learning, and AI, and how both can be used in tandem to protect sensitive assets at risk.

Naturally, our security research team raved about his Cybersecurity in AI now & in 2025 keynote from Data Driven Paris. It will definitely make you question the way you view data processing and machine learning.

Jérôme currently serves as the CMO of Alsid, which was acquired by Tenable. He had previously served as Senior Vice President - Product and Marketing at EclecticIQ and as the CMO for Orange Defense.

Check out his latest posts here

10. Tzachi Zornstain

Why follow Tzachi:

Tzachi or Zack for short is a leading expert when it comes to securing software supply chains, and just about anything related to Python. Tzachi’s most recent contribution to Dark Reading features his thoughts on the "culturestreak" GitLab Python malware which is used to mine Dero cryptocurrency. Can you spot all the major vulnerabilities on GitHub? Maybe. But there are Lesser Known Vulnerabilities on GitHub which Tzachi points out that will make you rethink your open source security strategy.

Tzachi can spot a malicious code package from a mile away! Discover his findings from 9,000 previously reported and validated malicious packages from NPM and PyPI.

Tzachi Zornstain was previously the Co-Founder and CEO at Dustico, a SaaS-based solution that detects malicious attacks and backdoors in open-source software supply chains, later acquired by Checkmarx, where he is currently the Head of Software Supply Chain Security.

Check out his latest posts here

Stay one step ahead of the attack surface and follow GitGuardian on LinkedIn for the latest AppSec news, tips, and security research findings.