Forrester’s Security & Risk Spotlight – Jeff Pollard
One of the S&R team’s newest additions, Principal Analyst Jeff Pollard comes to Forrester after many years at major security services firms. His research guides client initiatives related to managed security services, security outsourcing, and security economics, as well as integrating security services into operational workflows, incident response processes, threat intelligence applications, and business requirements. Jeff is already racking up briefings and client inquiries, so get on his schedule while you still can! (As a side note, while incident response is generally not funny, Jeff is. He would be at least a strong 3 seed in a hypothetical Forrester Analyst Laugh-Off tournament. Vegas has approved that seeding.)
Prior to joining Forrester, Jeff served as a global architect at Verizon, Dell SecureWorks, and Mandiant, working with the world's largest organizations in financial services, telecommunications, media, and defense. In those roles he helped clients fuse managed security and professional services engagements in security monitoring, security management, red teams, penetration testing, OSINT, forensics, and application security.
Click the link below to hear Jeff discuss some common themes of his client inquiries, current opportunities and challenges when using managed security services technologies, and topics he’s covering in upcoming research.
What do you foresee as the biggest threats to security and privacy in the United States in the next ten years?
1) The nation-state capabilities of our adversaries, combined with fewer theft-related attacks (IP, PII, etc.) and more data destruction and alteration.
2) Laissez-faire attitudes toward data residence, data governance, and data exchange, especially in regard to users.
3) Skills gaps in finding and training security talent in comparison to other nation-states. Our over-reliance on college education and computer science in particular places a drain on our ability to source candidates with the right skills.
What is your favorite security product or technology?
As a services guy, my answer lies between none and all of them. I tend to focus more on the workflow that products create rather than the tech itself. That said, I like using technologies related to malware analysis–both dynamic and static–as well as endpoint tools with IR & forensics use cases.
What brought you to Forrester? What’s your favorite thing about Forrester?
The curiosity, collaboration, and commitment of the organization brought me to Forrester. The dedication that everyone in the organization has toward creating and providing an excellent experience for our clients is inspiring.
What’s your best piece of advice for someone looking to break into the security and risk field?
Be or become an autodidact. Security has some of the best organic community building and contribution of any professional field. Rather than being an isolationist group focused on protecting skills, we are a group of collaborators and contributors. In a world of open source technologies, YouTube videos, blogs, and conferences, the world is wide open for those willing to commit to developing expertise.
What do you dislike most in the security field?
Charlatans and dilettantes. The number of technologies, startups, and people entering the field has grown exponentially, which has brought in some great external ideas; unfortunately, some people and companies have fallen prey to silver-bulletism that is destined to overpromise and underdeliver. The implications of poor security technology are much more severe than those of other technologies–that’s a lesson some companies and customers, sadly, will have to learn.