Ed Ferrara

Principal Analyst serving Security & Risk PROFESSIONALS

Ed contributes to Forrester's offerings for the Security & Risk Professional, leading the company's coverage of security metrics, security program effectiveness, security awareness, and enterprise security information architecture. Ed's research builds on his work as a highly experienced in-program manager for the design and delivery of secure information technology solutions, including strategy, process, applications, and infrastructure. He has consulted with Fortune 50 companies in the area of solution determination based on understanding the needs and the skills required to create a successful security posture for large complex organizations.

Previous Work Experience

Before coming to Forrester, Ed's background was in information security consulting, leading a global information security practice for financial services, commercial, and chemical clients. Ed is an expert in the design and delivery of secure, cost-effective, high-performance information security solutions, methodology, and standards to address complex business and security problems. Ed holds a US patent in the area of software development, specifically in the area of software requirements traceability using UML and software patterns to align business requirements with IT implementation. He has successfully developed and implemented technology and organizational change programs globally for Fortune 100 companies. Ed has strong program and project management skills, as well as, demonstrated competence in multidivision matrix management, technical management, relationship building, and projecting influence at the C-level. Ed holds the CISSP certification.


Ed holds two master's degrees, in education technology and computer science from the University of Delaware and information assurance (cum laude) from Norwich University, as well as a bachelor's degree in economics from Franklin & Marshall College.

Refine your results

Date Range





Market Imperatives



40 results in Reports

  • Ed Ferrara
  • For CIO Professionals

    Report:PRISM's Impact On The US Cloud Industry

    A Business Technographics Document: Forrester Survey Suggests NSA Spying Has Driven More Use Of Encryption Than Migration

    Since Edward Snowden revealed the US National Security Agency's PRISM spying program, there has been widespread speculation that the announcement would ruin the fates of US cloud, hosting, and...

    • For Security & Risk Professionals

      Report:Quick Take: The State Of Privacy In The Union

      President Obama Introduces Privacy Initiatives With High Merit But Low Potential

      United States President Barack Obama introduced several proposed privacy initiatives in his 2015 State of the Union address and in preview comments he made to the Federal Trade Commission (FTC) the...

      • Downloads: 67
    • For Security & Risk Professionals

      Report:Measure The Effectiveness Of Your Security Operations

      Performance Management: The Security Architecture And Operations Playbook

      Information security programs have struggled with legitimacy with senior leaders for a long time. There are many reasons for this, but the root cause is the historical inability of CISOs to explain...

      • Downloads: 919
    • For Security & Risk Professionals

      Report:Understand Cybersecurity And Risk Budgets For 2015

      Benchmarks: The S&R Practice Playbook

      2014 was a watershed year for cybercrime, and companies of all sizes have noticed. Executives are now placing renewed emphasis on cybersecurity, and budgets are increasing accordingly. Chief...

      • Downloads: 273
    • For Security & Risk Professionals

      Report:Quick Take: Sony Breach — A Sad Tale Of Epic Failure That Could Have Been Avoided

      Businesses Must Prepare For Politically And Socially Motivated Cyberattacks And Cyberespionage

      Although we are in the early stages of Sony Pictures Entertainment's (SPE's) catastrophically embarrassing intrusion, there are still many lessons that security and risk (S&R) professionals can take...

      • Downloads: 266
    • For Security & Risk Professionals

      Report:Quick Take: Cisco Acquires Neohapsis

      Deal Will Expand Cisco's Capabilities In Application, Cloud, And Mobile Security

      Cisco Systems announced this week its intent to acquire closely held Chicago-based Neohapsis, a decision that will substantially broaden Cisco's consulting capabilities. Most notably, the acquisition...

      • Downloads: 36
    • For Security & Risk Professionals

      Report:Measure The Effectiveness Of Your Data Privacy Program

      Performance Management: The Data Security And Privacy Playbook

      Privacy is one of the most important and emotional issues in information security. Privacy, or the lack thereof, affects a company's management, employees, and most importantly, customers. With the...

      • Downloads: 563
    • For Security & Risk Professionals

      Report:Develop Effective Security Metrics

      Performance Management: The S&R Practice Playbook

      Establishing meaningful security metrics is a key initiative for chief information security officers (CISOs) today, and for nearly all of them, it's a struggle. Some CISOs use a broad brush approach,...

      • Downloads: 2586
    • For Security & Risk Professionals

      Report:The Forrester Wave™: Managed Security Services: North America, Q4 2014

      Tools & Technology: The S&R Practice Playbook

      Forrester's 26-criteria evaluation of managed security service providers (MSSPs) included the 13 most significant vendors in the North American market that security and risk professionals can turn to...

      • Downloads: 374
    • For Security & Risk Professionals

      Report:The Forrester Wave™: Public Cloud Platform Service Providers' Security, Q4 2014

      Public Cloud Platforms Step Up Their Security Game, But Is It Enough To Safely Deploy Critical Applications And Data To The Cloud?

      Nearly every large enterprise today is building and deploying new applications on one or more of the leading public cloud platforms. But rarely is this initiative done with the security and risk...

      • Downloads: 390
    • For CIO Professionals

      Report:Quick Take: CIOs Must Respond To Amazon's Disruptive Cloud

      Amazon's Relentless Pace Continues At re:Invent With Nine New Services

      The Amazon Web Services (AWS) re:Invent 2014 conference is something of an understatement as far as names go. This year's AWS conference was bigger than ever, with more than 13,500 attendees from 63...

      • Downloads: 161
    • For Security & Risk Professionals

      Report:Predictions 2015: Data Security And Privacy Are Competitive Differentiators

      Landscape: The Data Security And Privacy Playbook

      Love him or hate him, Edward Snowden's revelations of widespread National Security Agency (NSA) government surveillance triggered an international discussion and debate on privacy. Suddenly, the...

      • Downloads: 374
    • For Security & Risk Professionals

      Report:Create A Security Strategy That Builds Real Business Value

      Strategic Plan: The S&R Practice Playbook

      Creating and maintaining a security strategy are fundamental tasks for CISOs; the strategy is a declaration of intent and a foundation for change. Unfortunately, many strategies fail to create...

      • Downloads: 230
    • For Security & Risk Professionals

      Report:Quick Take: BAE Systems Buys SilverSky

      Acquisition Extends BAE's Analytics And Threat Intelligence Into Commercial Markets

      BAE Applied Intelligence — a subsidiary of BAE Systems — has made the next logical step to operationalize its security analytics and threat intelligence offerings by acquiring managed...

      • Downloads: 59
    • For Security & Risk Professionals

      Report:CISOs Need To Add Customer Obsession To Their Job Description

      Business Case: The S&R Practice Playbook

      In today's connected world, security is an essential feature for all digitally delivered products and services. Soon, no one will purchase a product or service if they believe the effort will pose...

      • Downloads: 213
    • For Security & Risk Professionals

      Report:Brief: Work With The US Government On Cybersecurity Innovation

      The Department Of Homeland Security Announces Funding For Cybersecurity Research

      The US Federal government's participation in cybersecurity has been burdened with false starts and political wrangling. Members of the US Congress and the Executive Branch of the US Government have...

      • Downloads: 115
    • For Security & Risk Professionals

      Report:Detecting Cyberthreats With Fraud-Based Advanced Analytics Technology

      New Security Analytics Capabilities Will Replace Traditional SIEM, And Security Service Providers Will Lead The Adoption

      Security and risk (S&R) professionals know that cyberattacks are often the first step in the complex dance of credit card theft and the fraud that results. Cyberattacks take many forms and affect...

      • Downloads: 355
    • For Security & Risk Professionals

      Report:Brief: AT&T And IBM Accelerate The Move To Utility-Based Security

      Reliable And Effective Security Utilities Free Resources So That CISOs Can Focus On Customers

      AT&T and IBM announced in February a strategic alliance to provide a set of comprehensive security services that, if successful, would define the next generation of managed security services...

      • Downloads: 160
    • For Security & Risk Professionals

      Report:Market Overview: Managed Security Services, Europe, Q2 2014

      Twenty-One Providers To Consider For Managed Security Services In The European Market

      As security and risk professionals rush to deal with new business complexities and threats, they're turning to third parties to extend their organizations' security capabilities with as much...

      • Downloads: 473
    • For Security & Risk Professionals

      Report:Top 15 Trends S&R Pros Should Watch: 2014

      Each year, analysts from across Forrester's security and risk research team draw insight from our hundreds of enterprise questions, vendor briefings, and consultations; the 25-plus research projects...

      • Downloads: 653
    • For Security & Risk Professionals

      Report:Quick Take: Stem The "Heartbleed"

      How To Fix A Broken OpenSSL Implementation And What To Do While Everyone Else Fixes Theirs

      To secure eCommerce, banking, healthcare, and other high-risk transactions, many security pros use the secure socket layer/transport layer security (SSL/TLS) protocol to encrypt sensitive information...

      • Downloads: 391
    • For Security & Risk Professionals

      Report:AWS Cloud Security

      AWS Takes Important Steps For Securing Cloud Workloads

      Security to and from the cloud is a hot topic. The notion that cloud technologies should not be used by large enterprises due to security concerns is rapidly fading. Security still ranks as the No. 1...

      • Downloads: 667
    • For Security & Risk Professionals

      Report:Twelve Recommendations For Your Security Program In 2014

      Customer Trust And Digital Disruption Are Key Considerations For Your 2014 Security Strategy

      Every winter Forrester outlines 12 important recommendations for your security and risk management strategy for the coming year. These recommendations stem from our understanding of the current state...

      • Downloads: 1006
    • For Security & Risk Professionals

      Report:Quick Take: FireEye Acquires Mandiant

      FireEye Emerging As A Leader In A New Breed Of Security Companies

      On January 2, 2014, FireEye announced its acquisition of incident response and forensics specialist Mandiant for nearly $900 million in stock and $100 million in cash. With this acquisition, FireEye...

      • Downloads: 196
    • For Security & Risk Professionals

      Report:Quick Take: Akamai Acquires Prolexic, Doubling Down On DDoS Mitigation Services

      On December 2, 2013, Akamai Technologies announced its acquisition of Prolexic Technologies, a provider (with more than 400 customers) of cloud-based DDoS protection and mitigation services for data...

      • Downloads: 160