Amy   DeMartine

Amy DeMartine

Principal Analyst Serving Security & Risk Professionals

Amy helps Security & Risk Professionals transform their current software and application security practices to support continuous delivery and improvement, focusing on strong partnerships with application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery life cycle, protection of applications in production environments, and remediation of hardware and software flaws.

Previous Work Experience

In her previous role at Forrester, Amy served Infrastructure & Operations Professionals, covering the strategy, design, organization, and implementation of modern service delivery, including continuous delivery, DevOps, and SecureOps. She has more than 20 years of experience in product management, product and technical marketing, development, and operations roles. Her previous experience includes positions at BMC and HP, where she was responsible for driving IT management software products from conception through the product life cycle, all with the purpose of enabling technology professionals to solve their most pressing issues.

Education

Amy holds a master's degree in telecommunications and a bachelor's degree in electrical and computer engineering from the University of Colorado.

Amy DeMartine

Principal Analyst Serving Security & Risk Professionals

Amy helps Security & Risk Professionals transform their current software and application security practices to support continuous delivery and improvement, focusing on strong partnerships with application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery life cycle, protection of applications in production environments, and remediation of hardware and software flaws.

Previous Work Experience

In her previous role at Forrester, Amy served Infrastructure & Operations Professionals, covering the strategy, design, organization, and implementation of modern service delivery, including continuous delivery, DevOps, and SecureOps. She has more than 20 years of experience in product management, product and technical marketing, development, and operations roles. Her previous experience includes positions at BMC and HP, where she was responsible for driving IT management software products from conception through the product life cycle, all with the purpose of enabling technology professionals to solve their most pressing issues.

Education

Amy holds a master's degree in telecommunications and a bachelor's degree in electrical and computer engineering from the University of Colorado.

Amy DeMartine's Research

Most RecentMost Popular
  • For Security & Risk Professionals

    REPORT: The State Of Application Security, 2018

    Application Security Is Worsening, But Automation Offers Hope

    January 23, 2018Amy DeMartine

    In 2017, applications rolled out the welcome mat to malicious hackers, topping the list of successful external attack targets. Why? Developers continue transitioning from perfect to fast to provide unique customer experiences, and there aren't enough security pros to maintain manual application security review processes. Before slowing down development and causing customers to revolt, security and risk pros should read this report to understand the current state of application security and how emerging techniques support the speed your business needs.

  • For Security & Risk Professionals

    REPORT: Equifax Exposed Two Massive Systemic Risks

    Flaws In The Data Economy Will Make Future Breaches Even More Frequent And Damaging

    December 19, 2017Amy DeMartine, Jeff Pollard, Heidi Shey

    In September 2017, Equifax announced a breach of sensitive personal information of 143 million US consumers, as well as consumers in the UK and Canada. The scale and scope of the breach foretell far-ranging fallout, from undermining global identity verification services to widespread fraud and economic stumbling blocks. In this report, we examine the two systemic issues that led to this disaster, provide S&R leaders with practical lessons to prevent a similar breach, examine fundamental changes in conducting business, and frame legal obligations to end these risks.

  • For Security & Risk Professionals

    REPORT: The Forrester Wave™: Static Application Security Testing, Q4 2017

    The 10 Vendors That Matter Most And How They Stack Up

    December 12, 2017Amy DeMartine

    In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors — CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys — and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice.

  • For Security & Risk Professionals

    REPORT: Construct A Business Case For Interactive Application Security Testing

    How Faster App Releases At Reduced Cost Make IAST Worthwhile

    November 3, 2017Amy DeMartine

    As software delivery times speed up, security professionals are trying to fit repeatable security testing into shrinking software delivery life cycles. Rather than depending on a crawler to assess running applications, interactive application security testing (IAST) tools use developer- and QA tester-created automated functional testing scripts to evaluate security as part of the SDLC. This report details two emerging vendor tools in the IAST space and evaluates the benefits that customers experience using these tools. Security pros can use this report to create a business case for IAST.

  • For Security & Risk Professionals

    REPORT: Vendor Landscape: Runtime Application Self-Protection

    Protect Your Imperfect Code Until It Can Be Fixed

    September 29, 2017Amy DeMartine

    Even with the best prerelease security testing, developers will never write perfectly secure code. Zero-day attacks will continue to target vulnerable open source components, third-party applications, and internally developed code. Web application firewalls provide a helpful protection against such attacks; however, they can only analyze input and output data. Used as a deeper layer of application defense, runtime application self-protection (RASP) tools use insider info of the applications they protect to help security pros more effectively detect and deflect malicious attacks.

View all of Amy DeMartine's Research

Clients Who Work With Amy DeMartine Also Work With:

View all related analysts