PS Product Security Knowledge Base

👥 Notable Product Security Contributors, Authors, and Community Builders

Intro: Product Security is shaped by a mix of researchers, builders, educators, maintainers, and leaders. This page is intentionally opinionated. It is not a hall of fame for every great security person on the internet. It is a practical list of people worth following if your day job sits somewhere between AppSec, DevSecOps, cloud, Kubernetes, API security, secure SDLC, or Product Security leadership.

How to use this page

Use this list to:

  • build a high-signal follow list;
  • discover talks, blogs, books, labs, and newsletters;
  • understand who shaped specific domains of Product Security;
  • follow people who are good at translation, not only raw technical depth.

Short list

Each entry lists the person, their main domain, why they matter, and the best starting link.

Michael Howard
  Main domain: secure development lifecycle / threat modeling
  Why they matter: helped shape Microsoft's SDL mindset and made threat modeling and secure coding mainstream for product teams
  Best starting link: https://learn.microsoft.com/en-us/archive/msdn-magazine/2007/november/trustworthy-computing-five-years-building-more-secure-software

Steve Lipner
  Main domain: secure development lifecycle / leadership
  Why they matter: co-authored the SDL framing that influenced how large product companies operationalized secure software development
  Best starting link: https://www.amazon.com/s?k=The+Security+Development+Lifecycle+Steve+Lipner

Tanya Janca
  Main domain: AppSec education / secure coding
  Why they matter: one of the most visible modern educators in AppSec, especially for secure coding, security champions, and developer enablement
  Best starting link: https://tanyajanca.com/

Marco Lancini
  Main domain: cloud security / leadership
  Why they matter: writes and teaches on cloud-native security, technical leadership, and career development for security engineers
  Best starting link: https://www.marcolancini.it/

Madhu Akula
  Main domain: Kubernetes / cloud-native security
  Why they matter: creator of Kubernetes Goat and one of the strongest practitioner-educators in hands-on cloud-native security
  Best starting link: https://madhuakula.com/

Liz Rice
  Main domain: containers / Kubernetes / eBPF
  Why they matter: widely recognized educator and author on container security, eBPF, and cloud-native security engineering
  Best starting link: https://www.lizrice.com/

Scott Piper
  Main domain: AWS / cloud security
  Why they matter: created flAWS, CloudMapper, and other practical AWS security learning and assessment tools
  Best starting link: https://summitroute.com/

Justin Cappos
  Main domain: software supply chain / TUF / in-toto
  Why they matter: academic and project leader behind major supply-chain trust work that heavily influenced modern artifact integrity practices
  Best starting link: https://ssl.engineering.nyu.edu/people/jcappos/

Andrew Martin
  Main domain: container / Kubernetes security
  Why they matter: researcher, founder, and frequent speaker on container, Linux, and Kubernetes security trade-offs
  Best starting link: https://control-plane.io/posts/

Ian Coldwater
  Main domain: Kubernetes / container exploitation and defense
  Why they matter: well-known for practical Kubernetes and container security research, education, and SIG Security leadership
  Best starting link: https://www.cyberark.com/resources/threat-research-blog

Katie Paxton-Fear
  Main domain: web and API security education
  Why they matter: excellent educator for web exploitation, APIs, and secure development teaching
  Best starting link: https://www.katie-pxtn.dev/

Clint Gibler
  Main domain: pragmatic AppSec / architecture review
  Why they matter: creator of TLDRSec and one of the clearest modern voices on practical AppSec and review judgment
  Best starting link: https://tldrsec.com/

Michael Lieberman
  Main domain: supply chain / DevSecOps community
  Why they matter: visible leader in open-source and supply-chain security communities, including CNCF TAG Security and OpenSSF-adjacent work
  Best starting link: https://tag-security.cncf.io/

Marina Moore
  Main domain: software supply chain / research
  Why they matter: researcher and author on software supply chain risk, provenance, and open-source security
  Best starting link: https://www.linkedin.com/in/marina-moore/

James Berthoty
  Main domain: cloud security education
  Why they matter: cloud security educator known for translating posture, IAM, and cloud operating-model concepts for practitioners
  Best starting link: https://www.latio.tech/

Alyssa Miller
  Main domain: security leadership / AppSec / privacy
  Why they matter: experienced security leader and public advocate on AppSec, trust, privacy, and broader leadership topics
  Best starting link: https://www.alyssasec.com/

Jennifer Fernick
  Main domain: open-source and product security leadership
  Why they matter: visible security executive voice connecting product security, trust, and open-source ecosystem work
  Best starting link: https://openssf.org/about/board/

Julie Davila
  Main domain: product security leadership
  Why they matter: product security leader with a visible career path across NASA, Sophos, Red Hat/Ansible, and GitLab
  Best starting link: https://about.gitlab.com/company/team/

Vincent Danen
  Main domain: product security leadership / open source
  Why they matter: long-time Red Hat Product Security leader with deep roots in open-source security and secure product operations
  Best starting link: https://openssf.org/about/board/

Sarah Young
  Main domain: Microsoft security engineering advocacy
  Why they matter: important practitioner voice translating Microsoft's secure engineering program into actionable guidance
  Best starting link: https://techcommunity.microsoft.com/blog/microsoft-security-blog/introducing-the-secure-future-initiative-tech-tips-show/4388454

Quick grouping by role

Secure development and AppSec foundations

Start with these people when you want the engineering roots of Product Security:

  • Michael Howard
  • Steve Lipner
  • Tanya Janca
  • Clint Gibler
  • Katie Paxton-Fear

Cloud, containers, and Kubernetes

Start here when the work is mostly platform and cloud-native:

  • Liz Rice
  • Madhu Akula
  • Scott Piper
  • Andrew Martin
  • Ian Coldwater
  • Marco Lancini

Software supply chain and open-source security

Start here when the conversation is about provenance, artifact trust, or open-source ecosystem security:

  • Justin Cappos
  • Michael Lieberman
  • Marina Moore
  • Jennifer Fernick

Product Security leadership and management

Start here when you care about operating models, org design, executive communication, and scaling security inside product companies:

  • Julie Davila
  • Vincent Danen
  • Alyssa Miller
  • Sarah Young
  • Marco Lancini

What makes someone worth following in Product Security

In this KB, the most useful people usually have at least two of these traits:

  • they translate between engineering and leadership;
  • they produce artifacts other people can reuse;
  • they teach through examples, not only slogans;
  • they contribute to communities, projects, or open guidance;
  • they make trade-offs visible instead of pretending security is purely checklists.

Best companion pages in this KB