Ed Ferrara

Principal Analyst serving Security & Risk PROFESSIONALS

Ed contributes to Forrester's offerings for the Security & Risk Professional, leading the company's coverage of security metrics, security program effectiveness, security awareness, and enterprise security information architecture. Ed's research builds on his work as a highly experienced in-program manager for the design and delivery of secure information technology solutions, including strategy, process, applications, and infrastructure. He has consulted with Fortune 50 companies in the area of solution determination based on understanding the needs and the skills required to create a successful security posture for large complex organizations.

Previous Work Experience

Before coming to Forrester, Ed's background was in information security consulting, leading a global information security practice for financial services, commercial, and chemical clients. Ed is an expert in the design and delivery of secure, cost-effective, high-performance information security solutions, methodology, and standards to address complex business and security problems. Ed holds a US patent in the area of software development, specifically in the area of software requirements traceability using UML and software patterns to align business requirements with IT implementation. He has successfully developed and implemented technology and organizational change programs globally for Fortune 100 companies. Ed has strong program and project management skills, as well as, demonstrated competence in multidivision matrix management, technical management, relationship building, and projecting influence at the C-level. Ed holds the CISSP certification.

Education

Ed holds two master's degrees, in education technology and computer science from the University of Delaware and information assurance (cum laude) from Norwich University, as well as a bachelor's degree in economics from Franklin & Marshall College.

Refine your results

Date Range

Role

Methodology

Industry

Topics

Market Imperatives

Region

Vendor

41 results in Reports

  • Ed Ferrara
  • For Security & Risk Professionals

    Report:Develop Effective Security Metrics

    Performance Management: The S&R Practice Playbook

    Establishing meaningful security metrics is a key initiative for chief information security officers (CISOs) today, and for nearly all of them, it's a struggle. Some CISOs use a broad brush approach,...

    • Downloads: 2601
  • For Security & Risk Professionals

    Report:The Forrester Wave™: Emerging Managed Security Service Providers, Q1 2013

    Ten Emerging Service Providers That Have The Chops To Be Your Managed Security Service Provider

    In Forrester's 15-criteria evaluation of the emerging managed security services provider (MSSP) market, we identified the 10 most significant providers in this category — Alert Logic; CompuCom;...

    • Downloads: 1331
  • For Security & Risk Professionals

    Report:The Forrester Wave™: Managed Security Services: North America, Q1 2012

    The Nine Service Providers That Matter Most And How They Stack Up

    In Forrester's 60-criteria evaluation of the North American managed security services market, we identified the nine significant service providers in this category — AT&T, CSC, Dell...

    • Downloads: 1354
  • For Security & Risk Professionals

    Report:The Forrester Wave™: Information Security Consulting Services, Q1 2013

    Ernst & Young, Deloitte, IBM, Accenture, PwC, And KPMG Lead, With Wipro Following Close Behind

    The information security consulting market is growing explosively because security and risk professionals often lack the skill and bandwidth to accomplish their increasingly difficult mission. To...

    • Downloads: 1177
  • For Security & Risk Professionals

    Report:Twelve Recommendations For Your Security Program In 2014

    Customer Trust And Digital Disruption Are Key Considerations For Your 2014 Security Strategy

    Every winter Forrester outlines 12 important recommendations for your security and risk management strategy for the coming year. These recommendations stem from our understanding of the current state...

    • Downloads: 1010
  • For Security & Risk Professionals

    Report:Measure The Effectiveness Of Your Security Operations

    Performance Management: The Security Architecture And Operations Playbook

    Information security programs have struggled with legitimacy with senior leaders for a long time. There are many reasons for this, but the root cause is the historical inability of CISOs to explain...

    • Downloads: 955
  • For Security & Risk Professionals

    Report:Don't Bore Your Executives — Speak To Them In A Language That They Understand

    Seven Critical Executive-Level Metrics For CISOs And The Business

    The ability to communicate effectively has always been a core competency for any business executive, and today's chief information security officer (CISO) is fast becoming a business executive. The...

    • Downloads: 954
  • For Security & Risk Professionals

    Report:Security's Cloud Revolution Is Upon Us

    Understanding Information Security Amid Major Cloud Disruption

    A perceived lack of security has been one of the more prominent reasons organizations cite for not adopting cloud services. However, this attitude is changing rapidly as cloud service providers...

    • Downloads: 846
  • For Security & Risk Professionals

    Report:Determine The Business Value Of An Effective Security Program — Information Security Economics 101

    This report outlines Forrester's approach to helping you financially model information security. In today's seemingly never-ending cycle of new technologies, cyberthreats, and regulations, it's...

    • Downloads: 877
  • For Security & Risk Professionals

    Report:Top 15 Trends S&R Pros Should Watch: 2014

    Each year, analysts from across Forrester's security and risk research team draw insight from our hundreds of enterprise questions, vendor briefings, and consultations; the 25-plus research projects...

    • Downloads: 671
  • For Security & Risk Professionals

    Report:Source Your Security Services

    This report outlines a sourcing strategy and Forrester's decision support solution for security and risk (S&R) executives working to build a high-performance security program and organization. We...

    • Downloads: 736
  • For Security & Risk Professionals

    Report:The Forrester Information Security Metrics Maturity Model

    In conjunction with Forrester's update to our information security metrics and best practices report, Forrester has developed a model to help you assess the maturity of your security metrics program.

    • Downloads: 166
  • For Security & Risk Professionals

    Report:AWS Cloud Security

    AWS Takes Important Steps For Securing Cloud Workloads

    Security to and from the cloud is a hot topic. The notion that cloud technologies should not be used by large enterprises due to security concerns is rapidly fading. Security still ranks as the No. 1...

    • Downloads: 674
  • For Security & Risk Professionals

    Report:Quick Take: Stem The "Heartbleed"

    How To Fix A Broken OpenSSL Implementation And What To Do While Everyone Else Fixes Theirs

    To secure eCommerce, banking, healthcare, and other high-risk transactions, many security pros use the secure socket layer/transport layer security (SSL/TLS) protocol to encrypt sensitive information...

    • Downloads: 393
  • For Security & Risk Professionals

    Report:Market Overview: Managed Security Services, Europe, Q2 2014

    Twenty-One Providers To Consider For Managed Security Services In The European Market

    As security and risk professionals rush to deal with new business complexities and threats, they're turning to third parties to extend their organizations' security capabilities with as much...

    • Downloads: 487
  • For Security & Risk Professionals

    Report:The Forrester Wave™: Managed Security Services: North America, Q4 2014

    Tools & Technology: The S&R Practice Playbook

    Forrester's 26-criteria evaluation of managed security service providers (MSSPs) included the 13 most significant vendors in the North American market that security and risk professionals can turn to...

    • Downloads: 435
  • For Security & Risk Professionals

    Report:The Forrester Wave™: Public Cloud Platform Service Providers' Security, Q4 2014

    Public Cloud Platforms Step Up Their Security Game, But Is It Enough To Safely Deploy Critical Applications And Data To The Cloud?

    Nearly every large enterprise today is building and deploying new applications on one or more of the leading public cloud platforms. But rarely is this initiative done with the security and risk...

    • Downloads: 430
  • For Security & Risk Professionals

    Report:Measure The Effectiveness Of Your Data Privacy Program

    Performance Management: The Data Security And Privacy Playbook

    Privacy is one of the most important and emotional issues in information security. Privacy, or the lack thereof, affects a company's management, employees, and most importantly, customers. With the...

    • Downloads: 581
  • For Security & Risk Professionals

    Report:Brokered Cloud Identity Is Scaling New Heights

    Identity Hub Solutions Ease Integration Pain And Offer Flexibility

    We're moving fast into a world of loosely coupled, cloud-based data centers. Cloud infrastructure models complicate the identity and access management (IAM) landscape — and represent...

    • Downloads: 442
  • For Security & Risk Professionals

    Report:Predictions 2015: Data Security And Privacy Are Competitive Differentiators

    Landscape: The Data Security And Privacy Playbook

    Love him or hate him, Edward Snowden's revelations of widespread National Security Agency (NSA) government surveillance triggered an international discussion and debate on privacy. Suddenly, the...

    • Downloads: 408
  • For Security & Risk Professionals

    Report:Security Operations Center (SOC) Staffing

    People Make The SOC Successful

    Building and operating a security operations center (SOC) requires massive investment and difficult decisions, and one of the critical gating factors of success is skill availability. While technical...

    • Downloads: 461
  • For Security & Risk Professionals

    Report:SAS 70 Out, New Service Organization Control Reports In

    Security And Risk Professionals Must Prepare To Phase Out SAS 70 Today

    Developed by the American Institute of CPAs (AICPA), the Statements on Auditing Standards 70 (SAS 70) has been around since 1992. When the Sarbanes-Oxley Act (SOX) of 2002 passed, SAS 70 gained new...

    • Downloads: 468
  • For Security & Risk Professionals

    Report:Determine The Value Of Information Security Assets And Liabilities — Information Security Economics 102

    This is the second in a series of reports providing guidance and new methods for the financial management of information security. The CISO's role is rapidly changing. A few years ago the CISO for...

    • Downloads: 445
  • For Security & Risk Professionals

    Report:Detecting Cyberthreats With Fraud-Based Advanced Analytics Technology

    New Security Analytics Capabilities Will Replace Traditional SIEM, And Security Service Providers Will Lead The Adoption

    Security and risk (S&R) professionals know that cyberattacks are often the first step in the complex dance of credit card theft and the fraud that results. Cyberattacks take many forms and affect...

    • Downloads: 372
  • For Security & Risk Professionals

    Report:Quick Take: Sony Breach — A Sad Tale Of Epic Failure That Could Have Been Avoided

    Businesses Must Prepare For Politically And Socially Motivated Cyberattacks And Cyberespionage

    Although we are in the early stages of Sony Pictures Entertainment's (SPE's) catastrophically embarrassing intrusion, there are still many lessons that security and risk (S&R) professionals can take...

    • Downloads: 283