Skip to main content
David   Holmes

David Holmes

Senior Analyst Serving Security & Risk Professionals

David Holmes is a senior analyst at Forrester, advising security and risk professionals about strategy, architecture, and Zero Trust. His coverage includes firewalls, distributed denial-of-service (DDoS) protection, automated malware analysis (sandboxing), IDS/IPS, and network security controls. His research focuses on network security, segmentation strategies, and policy management. He helps security leaders plan Zero Trust implementations, select cybersecurity controls, and understand new mitigation technologies. David has presented at industry conferences like RSA, InfoSec Europe, and the Australian CyberSecurity Conference. He has written regularly for industry magazines on cryptography, malware, and the security community.

Previous Work Experience

Prior to joining Forrester, David spent a decade researching, writing, and speaking about cybersecurity topics for network and application security vendors. Before entering the cybersecurity space, he was a C/C++ software developer specializing in authentication and authorization, network protocols, and cryptography. His transition from wrangling bytes, packets, and private keys to researching, writing, and advising positions him well on Forrester’s security and risk team.

Education

David studied computer science and engineering physics at the University of Colorado at Boulder.

David Holmes

Senior Analyst Serving Security & Risk Professionals

David Holmes is a senior analyst at Forrester, advising security and risk professionals about strategy, architecture, and Zero Trust. His coverage includes firewalls, distributed denial-of-service (DDoS) protection, automated malware analysis (sandboxing), IDS/IPS, and network security controls. His research focuses on network security, segmentation strategies, and policy management. He helps security leaders plan Zero Trust implementations, select cybersecurity controls, and understand new mitigation technologies. David has presented at industry conferences like RSA, InfoSec Europe, and the Australian CyberSecurity Conference. He has written regularly for industry magazines on cryptography, malware, and the security community.

Previous Work Experience

Prior to joining Forrester, David spent a decade researching, writing, and speaking about cybersecurity topics for network and application security vendors. Before entering the cybersecurity space, he was a C/C++ software developer specializing in authentication and authorization, network protocols, and cryptography. His transition from wrangling bytes, packets, and private keys to researching, writing, and advising positions him well on Forrester’s security and risk team.

Education

David studied computer science and engineering physics at the University of Colorado at Boulder.

David Holmes's Research

Most RecentMost Popular
  • For Security & Risk Professionals

    REPORT: Introducing The Zero Trust Edge Model For Security And Network Services

    Strategic Plan: The Zero Trust Security Playbook

    January 28, 2021David Holmes, Andre Kindness

    To support the digitalization of a company using cloud and internet of things (IoT), many networking teams turned to SD-WAN. However, SD-WAN doesn't address the new security requirements or the forcing function that security and networking worlds must merge. Both I&O and S&R professionals should read this report so they have a better understanding of an emerging Zero Trust solution that will help unify both the networking and security infrastructure to support the businesswide networking fabric.

  • For Security & Risk Professionals

    REPORT: The State Of Network Security, 2020 To 2021

    Benchmarks: The Zero Trust Security Playbook

    January 7, 2021David Holmes, Heidi Shey

    This data-driven report outlines budgeting and spending, security group responsibilities, network security technology, and services adoption in North American and European organizations for 2020 to 2021. Understanding these trends and their implications will help security and risk (S&R) executives examine and adjust their resources for their enterprises' security architecture and operations strategies.

  • For Security & Risk Professionals

    REPORT: The Forrester Tech Tide™: Zero Trust Threat Prevention, Q3 2020

    Twenty Technologies Underpin Zero Trust Threat Prevention

    September 18, 2020David Holmes, Sandy Carielli, Andras Cser, Chase Cunningham, Chris Sherman, Brian Kime, Claire O'Malley

    Zero Trust (ZT) threat prevention is critical to firms' ability to win, serve, and retain their customers. To accelerate their performance in Zero Trust threat prevention, companies are evaluating and adopting a range of contributing technologies. This Forrester Tech Tide™ report presents an analysis of the maturity and business value of the 20 technology categories and over 125 different vendors that support ZT threat prevention. Security and risk professionals should read this report to shape their firm's investment approach to these technologies.

  • For Security & Risk Professionals

    REPORT: The Forrester Wave™: Enterprise Firewalls, Q3 2020

    The 11 Providers That Matter Most And How They Stack Up

    August 10, 2020David Holmes

    In our 34-criterion evaluation of enterprise firewall providers, we identified the 11 most significant ones — Barracuda Networks, Check Point Software Technologies, Cisco, Forcepoint, Fortinet, Huawei, Juniper Networks, Palo Alto Networks, SonicWall, Sophos, and WatchGuard — and researched, analyzed, and scored them. This report shows how each provider measures up and helps security and risk professionals select the right one for their needs.

  • For Security & Risk Professionals

    REPORT: Maintain Security Visibility In The TLS 1.3 Era

    You Have Two Years To Prepare Your Security Tools For TLS 1.3 And DNS-Over-HTTPS

    July 30, 2020David Holmes

    New encryption standards TLS 1.3 and DNS-over-HTTPS (DoH) are sweeping the last crumbs of visible user activity off the enterprise network table. Soon, security controls, already starved for unencrypted traffic to analyze, will be completely famished. This report looks at the actions that security professionals must take now to get their visibility programs back to the feast. Fail to take any action, and within two years, you'll lose the ability to analyze network traffic and detect the cyberthreats that will endanger your organization.

View all of David Holmes's Research

Clients Who Work With David Holmes Also Work With:

View all related analysts