Sandy Carielli

Principal Analyst Serving Security & Risk Professionals

Sandy is a principal analyst at Forrester advising security and risk professionals on application security, with a particular emphasis on the collaboration among security and risk, application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery lifecycle, protection of applications in production environments, and remediation of hardware and software flaws.

Previous Work Experience

Sandy has over 15 years of experience in the security industry, working in software engineering, consulting, product management, and technology strategy roles. Her most recent experience was at Entrust Datacard, where she guided the organization’s technology strategy and researched the impact of emerging technologies on the business. Prior to that, Sandy was director of product management at RSA, where she was responsible for the SecurID and Data Protection portfolio. Sandy spent four years as a consultant at @stake, where she conducted application architecture assessments, penetration tests, and code reviews for enterprise customers and recommended risk mitigation strategies based on her findings. Sandy began her career as a software engineer at BBN Technologies and CyberTrust Solutions. Sandy is a coauthor of the Industrial Internet Consortium’s IoT Security Maturity Model and has spoken at RSA Conference, SOURCE Boston, ISSA International, and many other regional security events.

Education

Sandy has a ScB in mathematics from Brown University and an MBA from the MIT Sloan School of Management.

Sandy Carielli's Research

  • For Security & Risk Professionals

    REPORT: Top Cybersecurity Threats In 2020

    Landscape: The Zero Trust Security Playbook

    January 24, 2020 Josh Zelonis, Sandy Carielli

    Security and risk (S&R) pros have the challenging task of using finite budgets to protect their business from every type of attack in the threat landscape. One strategy for approaching this challenge is to use historical trends to prioritize protections against attacks that are the most probable. This report analyzes common attack patterns responsible for 2019 breaches.

  • For Security & Risk Professionals

    REPORT: The State Of Government Application Security, 2020

    Government Must Invest Aggressively In Application Security To Protect Citizen Data

    January 7, 2020 Sandy Carielli, Amy DeMartine

    Confidence in the ability of government to keep citizen data safe is low, and with good reason: Malicious attackers stand ready to target government agencies and their treasure trove of data. Applications remain the biggest external attack method, and government entities must aggressively protect applications to secure the data these apps create and access. Governments are far behind all industries in key areas of application protection. Security pros at government agencies should use this report to target crucial application security improvements.

  • For Security & Risk Professionals

    REPORT: Now Tech: Web Application Firewalls, Q4 2019

    Forrester's Overview Of 31 WAF Providers

    December 20, 2019 Sandy Carielli, Amy DeMartine

    You can use web application firewalls (WAFs) to protect applications, apply consistent and global security policies, and comply with regulations. But to realize these benefits, you'll first have to select from a diverse set of vendors that vary by size, functionality, geography, and vertical market focus. Security pros should use this report to understand the value they can expect from a WAF provider and to select one based on size and functionality.

  • For Security & Risk Professionals

    REPORT: New Tech: Bot Management, Q4 2019

    Forrester's Landscape Overview Of 22 Providers

    December 13, 2019 Sandy Carielli, Amy DeMartine

    Software programs make attacking applications easy. Malicious hackers use these programs — called "bots" — to quickly develop, launch, and evolve attacks. These can be simplistic or sophisticated, broad or targeted, and they're often difficult to distinguish from legitimate traffic. Bot management tools are emerging to combat this threat, determining which automated traffic is good or bad and thwarting the bad. Security pros should use this report to understand the capabilities in different bot management market segments and to inform their technology strategies.
