Speaker Biography

Andrew Rose

Principal Analyst

Sessions Featuring This Speaker

Forrester's Forum For Technology Management Leaders


  • 05:00 PM - 05:40 PM

    Know Your Enemy: Hackers Versus Executives

    In The Art of War, Sun Tzu said, “It is said that if you know your enemies and know yourself, you will not be imperiled in a hundred battles.” This session is designed to help information security professionals understand how hackers work and the type of sophisticated threats that cybercriminals are capable of against today’s networks. Learn:

    • What happens in real-life cyberattacks.
    • What hackers think about the state of enterprise security.
    • What security and risk professionals should do to protect themselves from attacks.

  • 11:25 AM - 12:05 PM

    Connect Your Digital Business To The Physical World

    In the connected world, where technologies enable objects and infrastructure to interact with monitoring, analytics, and control systems over Internet-style networks, management and security principles are different. In this session, you will learn:

    • What the connected world looks like.
    • Why you will need to manage and secure this connected world differently.
    • The framework for embedded management and security.

Research Focus

Andrew's research contributes to Forrester's offerings for the Security & Risk Professional. He is a proven security leader, capable of transforming security teams into highly effective groups and driving efficiencies to deliver results with limited resources. Andrew is a leading expert in information security and risk management, ISO27001 frameworks, supplier review, and business engagement; information security policy development; information security strategy; and governance, risk, and compliance (GRC) initiatives.

Previous Work Experience

Prior to joining Forrester, Andrew was a CISO in the legal sector. He transformed security management for two major global firms, revising policies, setting strategy, introducing IT audit, and developing the maturity of the security teams. Ultimately, he led both firms to ISO27001 certification. Andrew was chairman of the Legal Security Forum, the industry's information security special interest group, and worked with the industry regulators to define and communicate best practices. Before entering the legal sector, Andrew worked in the insurance industry providing security consultancy and developing IAM teams. He has been a regular columnist for several risk-focused magazines and recently retired from the UK ISSA Executive Advisory Board.


Andrew holds a master's degree in information security from Westminster University. Andrew is also a certified information systems security professional (CISSP), a certified information security manager (CISM), certified in risk and information systems control (CRISC), and a trained ISO27001 lead auditor.