Amy   DeMartine

Amy DeMartine

Principal Analyst Serving Security & Risk Professionals

Amy helps Security & Risk Professionals transform their current software and application security practices to support continuous delivery and improvement, focusing on strong partnerships with application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery life cycle, protection of applications in production environments, and remediation of hardware and software flaws.

Previous Work Experience

In her previous role at Forrester, Amy served Infrastructure & Operations Professionals, covering the strategy, design, organization, and implementation of modern service delivery, including continuous delivery, DevOps, and SecureOps. She has more than 20 years of experience in product management, product and technical marketing, development, and operations roles. Her previous experience includes positions at BMC and HP, where she was responsible for driving IT management software products from conception through the product life cycle, all with the purpose of enabling technology professionals to solve their most pressing issues.

Education

Amy holds a master's degree in telecommunications and a bachelor's degree in electrical and computer engineering from the University of Colorado.

Amy DeMartine

Principal Analyst Serving Security & Risk Professionals

Amy helps Security & Risk Professionals transform their current software and application security practices to support continuous delivery and improvement, focusing on strong partnerships with application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery life cycle, protection of applications in production environments, and remediation of hardware and software flaws.

Previous Work Experience

In her previous role at Forrester, Amy served Infrastructure & Operations Professionals, covering the strategy, design, organization, and implementation of modern service delivery, including continuous delivery, DevOps, and SecureOps. She has more than 20 years of experience in product management, product and technical marketing, development, and operations roles. Her previous experience includes positions at BMC and HP, where she was responsible for driving IT management software products from conception through the product life cycle, all with the purpose of enabling technology professionals to solve their most pressing issues.

Education

Amy holds a master's degree in telecommunications and a bachelor's degree in electrical and computer engineering from the University of Colorado.

Amy DeMartine's Research

Most RecentMost Popular
  • For Security & Risk Professionals

    REPORT: The Forrester Wave™: Static Application Security Testing, Q4 2017

    The 10 Vendors That Matter Most And How They Stack Up

    December 12, 2017Amy DeMartine

    In our 29-criteria evaluation of the static application security testing (SAST) market, we identified the 10 most significant vendors — CAST, CA Veracode, Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock, SonarSource, and Synopsys — and researched, analyzed, and scored them. This report shows how each measures up and helps security professionals make the right choice.

  • For Security & Risk Professionals

    REPORT: Construct A Business Case For Interactive Application Security Testing

    How Faster App Releases At Reduced Cost Make IAST Worthwhile

    November 3, 2017Amy DeMartine

    As software delivery times speed up, security professionals are trying to fit repeatable security testing into shrinking software delivery life cycles. Rather than depending on a crawler to assess running applications, interactive application security testing (IAST) tools use developer- and QA tester-created automated functional testing scripts to evaluate security as part of the SDLC. This report details two emerging vendor tools in the IAST space and evaluates the benefits that customers experience using these tools. Security pros can use this report to create a business case for IAST.

  • For Security & Risk Professionals

    REPORT: Vendor Landscape: Runtime Application Self-Protection

    Protect Your Imperfect Code Until It Can Be Fixed

    September 29, 2017Amy DeMartine

    Even with the best prerelease security testing, developers will never write perfectly secure code. Zero-day attacks will continue to target vulnerable open source components, third-party applications, and internally developed code. Web application firewalls provide a helpful protection against such attacks; however, they can only analyze input and output data. Used as a deeper layer of application defense, runtime application self-protection (RASP) tools use insider info of the applications they protect to help security pros more effectively detect and deflect malicious attacks.

  • For Security & Risk Professionals

    REPORT: Secure The Rise Of Intelligent Agents

    Securing Intelligent Agents Will Stress Application Security Basics

    September 14, 2017Amy DeMartine, Jennifer Wise

    Early-stage intelligent agents (IAs) have arrived and are gaining traction among consumers. Leaving behind the direct, detailed commands of their virtual assistant predecessors, IAs will soon see more-advanced artificial intelligence, voice recognition, hardware, partner ecosystems, and data integrations, all to create more hyperpersonalized experiences. It won't be long before customers expect to engage with your business using these IAs, potentially exposing vast amounts of their data and yours. Security pros can use this report to secure IAs by starting with virtual assistants.

  • For Security & Risk Professionals

    REPORT: Assess The Maturity Of Your Application Security Program

    Know What Application Security Functions To Prioritize, And How

    September 14, 2017Amy DeMartine

    Successful attacks on applications continue to prove the ubiquity of software vulnerabilities, and now that applications are releasing faster than ever, the problem will grow much worse if not curtailed. Application security pros must adapt the way they perform prerelease and production application security to increase security in the new model of Agile development and DevOps. Our application security maturity assessment is a prescriptive framework to evaluate maturity level, identify gaps, prioritize improvements, and demonstrate progress.

View all of Amy DeMartine's Research

Clients Who Work With Amy DeMartine Also Work With:

View all related analysts