Forrester’s Security & Risk Analyst Spotlight – Chris Sherman

The title hasn’t yet been put to client vote, but Chris Sherman may be the renaissance man of Forrester’s S&R team. As an analyst, Chris advises clients on data security across all endpoints, giving him a broad perspective on current security trends. His experience as a neuroscience researcher at Massachusetts General Hospital also gives him insight into the particular challenges that Forrester’s clients in the healthcare industry face. Lastly, when he hasn’t been writing about endpoint security strategy or studying neural synapse firings, Chris flies Cessna 172’s around New England. Listen to this week’s podcast to learn about recent themes in Chris’s client inquiries as well as the troubles facing a particular endpoint security technology.

Chris Sherman Image

Prior to his role as analyst, Chris was a researcher on the S&R team, where he helped Forrester clients with insights and best practices in endpoint security, mobile security, cloud security, and data privacy. Chris joined Forrester from Harvard Medical School, where he served as a research associate based at Massachusetts General Hospital. He brings with him an extensive background in scientific research, quantitative analysis, and project management.


To download the MP3 version of the podcast, click here.

What do you foresee as the biggest threat to security and privacy in the next 10 years?

Where do I start with this one? I could mention the usual suspects here —vulnerabilities within critical infrastructure, government surveillance, organized cybercrime — but perhaps one of the most interesting to me is the advances seen in artificial intelligence. Last year, a computer program was written that was able to fool 30% of its users in a chat session that they were communicating with a human (an experiment called the Turing Test). Ten years from now, I see advances in artificial intelligence being used to automate increasingly tailored social engineering and network intrusion operations.


Name an app with which you could not live without.

Spotify. It has effectively replaced my iTunes library.


What is one simple thing that a person can do to increase security on his or her computer in less than 10 minutes?

Set up a "Standard User" account on your computer, and use that account for all your day-to-day web/offline activities, entering your admin account password only when known/trusted applications request it. Considering 92% of all malware requires admin rights to run, this simple method can give you a high level of protection with little overhead for the home user.


When you were a kid, what did you want to do when you grew up?

Airline pilot, neuroscientist, writer . . . I alternated between these three for years. Luckily I’ve been able to do each to varying extents.