Rick Holland

Principal Analyst serving Security & Risk PROFESSIONALS

Rick Holland is a principal analyst at Forrester Research, where he serves Security & Risk Professionals. Rick works with senior information security leadership, providing strategic guidance on security architecture, security operations, and data privacy. His research focuses on incident response, threat intelligence, vulnerability management, email and web content security, and virtualization security. Rick speaks at security events including the RSA conference and SANS summits. He is regularly quoted in the media and is a frequent guest lecturer at the University of Texas at Dallas.

Previous Work Experience

Prior to joining Forrester, Rick was a solutions engineer with a national information security reseller and service provider. He advised Fortune 500 clients on security strategy and architected enterprise security solutions. Before that, he worked in both higher education and the home building industry, where he focused on intrusion detection, incident handling, and forensics. Rick also served as an intelligence analyst in the US Army stationed in the US, Europe, and the Middle East.


Rick holds a B.S. in business administration with an MIS concentration (cum laude) from the University of Texas at Dallas. Rick is also a Certified Information Systems Security Professional (CISSP), a Certified Information Systems Auditor (CISA), and a GIAC Certified Incident Handler (GCIH).

Refine your results

Date Range




Market Imperatives



38 results in Reports

  • Rick Holland
  • For Security & Risk Professionals

    Report:Planning For Failure

    An Effective Incident Management Program Is Essential To Help You Stay In Business

    S&R pros, it's not a question of if — but when — your organization will experience a serious security breach. Cybercriminals are using more sophisticated and targeted attacks to steal...

    • For Security & Risk Professionals

      Report:Forrester's Targeted-Attack Hierarchy Of Needs:Assess Your Core Capabilities

      Assessment: The Security Architecture And Operations Playbook

      Targeted attacks continue to plague organizations, and these intrusions damage the brand, customer loyalty, and margins. Preparing for and responding to these attacks requires a focused and resolute...

      • Downloads: 659
    • For Security & Risk Professionals

      Report:Quick Take: Sony Breach — A Sad Tale Of Epic Failure That Could Have Been Avoided

      Businesses Must Prepare For Politically And Socially Motivated Cyberattacks And Cyberespionage

      Although we are in the early stages of Sony Pictures Entertainment's (SPE's) catastrophically embarrassing intrusion, there are still many lessons that security and risk (S&R) professionals can take...

      • Downloads: 266
    • For Security & Risk Professionals

      Report:Quick Take: Cisco Acquires Neohapsis

      Deal Will Expand Cisco's Capabilities In Application, Cloud, And Mobile Security

      Cisco Systems announced this week its intent to acquire closely held Chicago-based Neohapsis, a decision that will substantially broaden Cisco's consulting capabilities. Most notably, the acquisition...

      • Downloads: 36
    • For Security & Risk Professionals

      Report:Transform Your Security Architecture And Operations For The Zero Trust Ecosystem

      Landscape: The Security Architecture And Operations Playbook

      Forrester's Zero Trust Model of information security banishes the old security motto of "trust but verify" and replaces it with a new motto: "Verify but never trust." When you're trying to protect...

      • Downloads: 805
    • For Security & Risk Professionals

      Report:Job Description: Security Architect

      Organization: The Security Architecture And Operations Playbook

      We designed this report for security and risk (S&R) executives who are rethinking their security architecture and working to improve the effectiveness of their operations, to help them hire one of...

      • Downloads: 897
    • For Security & Risk Professionals

      Report:Know Your Adversary

      Five Steps To Incorporate Adversary Intelligence Into Your Cybersecurity Program

      In February 2013, incident management and forensics expert Mandiant issued a report exposing the identities of three members of a cyberespionage group known as APT1. Then in May 2014, the US...

      • Downloads: 189
    • For Security & Risk Professionals

      Report:Quick Take: Proofpoint Acquires Nexgate

      Acquisition Signals A Maturing Social Risk And Compliance Market, But Proofpoint Still Has 'Points To Prove'

      On October 23, 2014, Proofpoint announced that it had acquired social risk and compliance (SRC) vendor Nexgate for approximately $35 million. While smaller than other security or social media vendor...

      • Downloads: 48
    • For Security & Risk Professionals

      Report:Quick Take: BAE Systems Buys SilverSky

      Acquisition Extends BAE's Analytics And Threat Intelligence Into Commercial Markets

      BAE Applied Intelligence — a subsidiary of BAE Systems — has made the next logical step to operationalize its security analytics and threat intelligence offerings by acquiring managed...

      • Downloads: 59
    • For Security & Risk Professionals

      Report:Quick Take: Symantec Splits In Two

      Splitting Is Symantec's Best Opportunity To Refocus, Innovate, And Compete

      On October 9, 2014, Symantec announced that it will separate into two independent, publicly traded companies. Recently appointed CEO, Michael Brown, will stay on as CEO of Symantec, which will market...

      • Downloads: 129
    • For Security & Risk Professionals

      Report:Brief: Apple Throws Down The Privacy Gauntlet

      Apple Offers New Commitment And Tech To Protect Privacy, But It Needs To Go Much Further

      On September 17, 2014, Apple's chief executive officer, Tim Cook, published a letter detailing Apple's commitment to customer privacy. The unfortunate timing of Apple's highly public and embarrassing...

      • Downloads: 62
    • For Security & Risk Professionals

      Report:Use Actionable Threat Intelligence To Protect Your Digital Business

      Threat Intel Must Have Business Alignment, Relevance, And Integration To Be Effective

      Threat intelligence is one of the most over-hyped capabilities within information security today. Ask five different security vendors what actionable threat intelligence means and you will...

      • Downloads: 298
    • For Security & Risk Professionals

      Report:Forrester's Targeted-Attack Hierarchy Of Needs: Assess Your Advanced Capabilities

      Multiple Technologies Are Required For Breach Detection

      In part 1 of our research series, we detailed the foundational requirements for building the necessary resiliency to targeted cyberattacks. With the foundational requirements in place, security and...

      • Downloads: 413
    • For Security & Risk Professionals

      Report:Brief: S&R Pros Can No Longer Ignore Threats To Critical Infrastructure

      When Selecting Security Vendors, Look For Specialized Industry Expertise

      For years, security and risk (S&R) professionals have focused almost exclusively on protecting the organization's sensitive information resources, such as customer data, intellectual property, and...

      • Downloads: 159
    • For Security & Risk Professionals

      Report:Develop A Two-Phased DDoS Mitigation Strategy

      Protect Yourself From Hacktivists And Other Cybercriminals

      Until recently, distributed denial of service (DDoS) attacks had been part of infosec lore: something you heard about but rarely experienced. With the rise of hacktivist groups and other...

      • Downloads: 577
    • For Security & Risk Professionals

      Report:Brief: Proofpoint Strengthens Its Targeted Attack Defense With NetCitadel Acquisition

      Acquisition Is Proof That You Must Integrate Advanced Detection With Incident Response

      On May 20, 2014, Proofpoint announced that it had acquired Silicon-Valley-based startup NetCitadel, a privately owned incident response company, for approximately $24 million in cash. While small,...

      • Downloads: 66
    • For Security & Risk Professionals

      Report:Defend Your Data From Cyberthreats With A Zero Trust Network

      Executive Overview: The Security Architecture And Operations Playbook

      We've all heard about the "evolving threat landscape." In biology, evolution is a process that takes millions of years to occur as a result of small changes in successive generations. Mutations, in...

      • Downloads: 817
    • For Security & Risk Professionals

      Report:Quick Take: Cisco Acquires ThreatGrid, Bolstering Advanced Malware Protection

      Cisco Broadens A Strong Portfolio But Still Needs To Better Explain Its Overall Security Product Road Map

      On May 20, 2014, Cisco Systems announced its intention to acquire privately-held dynamic malware analysis company ThreatGrid for an undisclosed amount. This acquisition enhances Cisco Systems'...

      • Downloads: 92
    • For Security & Risk Professionals

      Report:Brief: S&R Pros Remain Unprepared To Address Virtualization And Cloud Security Risks

      S&R Pros Must Accelerate Their Knowledge, Skills, And Approach To Avoid Failure

      For years, infrastructure and operations (I&O) leaders have embraced virtualization as a means to achieve consolidation and cost savings. Today, virtualization offers more than just cost savings: It...

      • Downloads: 249
    • For Security & Risk Professionals

      Report:Top 15 Trends S&R Pros Should Watch: 2014

      Each year, analysts from across Forrester's security and risk research team draw insight from our hundreds of enterprise questions, vendor briefings, and consultations; the 25-plus research projects...

      • Downloads: 653
    • For Security & Risk Professionals

      Report:Quick Take: Stem The "Heartbleed"

      How To Fix A Broken OpenSSL Implementation And What To Do While Everyone Else Fixes Theirs

      To secure eCommerce, banking, healthcare, and other high-risk transactions, many security pros use the secure socket layer/transport layer security (SSL/TLS) protocol to encrypt sensitive information...

      • Downloads: 391
    • For Security & Risk Professionals

      Report:Quick Take: Palo Alto Networks Acquires Cyvera

      Palo Alto Extends Its Reach To The Endpoint

      On March 24, 2014, Palo Alto Networks announced an agreement to acquire Cyvera, a privately held endpoint security company, for approximately $200 million. With the acquisition, Palo Alto Networks...

      • Downloads: 96
    • For Security & Risk Professionals

      Report:Quick Take: Bit9 And Carbon Black Merge

      Bit9 With Carbon Credits Is An Impressive Endpoint Security Play

      On February 13, 2014, Bit9 announced that it had merged with endpoint incident response startup Carbon Black, for an undisclosed amount. Bit9 also announced that it had raised $38.25 million to fuel...

      • Downloads: 107
    • For Security & Risk Professionals

      Report:Twelve Recommendations For Your Security Program In 2014

      Customer Trust And Digital Disruption Are Key Considerations For Your 2014 Security Strategy

      Every winter Forrester outlines 12 important recommendations for your security and risk management strategy for the coming year. These recommendations stem from our understanding of the current state...

      • Downloads: 1006
    • For Security & Risk Professionals

      Report:Quick Take: FireEye Acquires Mandiant

      FireEye Emerging As A Leader In A New Breed Of Security Companies

      On January 2, 2014, FireEye announced its acquisition of incident response and forensics specialist Mandiant for nearly $900 million in stock and $100 million in cash. With this acquisition, FireEye...

      • Downloads: 196