Allie Mellen

“The Blob” in the security industry can prevent us from having the deep, real conversations about the actual issues practitioners are facing today. Find out how to avoid this.

A few weeks ago, I spoke on a podcast with some of my former colleagues about my experiences in the security industry as a young woman. TL;DR: It’s not always great, and that’s true for many women in the industry. We showed that in our research on Best Practices: Recruiting, Retaining, And Advancing Women In […]

Black Hat USA 2023: Insights From Our Short Vegas Residency Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]

This week, we are thrilled to release new research: Build Trust And Lasting Emotional Bonds With Empathy. This report delves into empathy, one of the most critical of the seven levers of trust defined in the trust imperative.   Forrester defines empathy as: The perception that an organization is emotionally connected to its customers, employees, […]

Too much data, monolithic software, and control issues. The security operations center is at a tipping point. Learn how following the detection and response development lifecycle framework can help your SOC get beyond it.

Security and risk leaders beware, the Biden Administration released the next major step in its plan to implement the National Cybersecurity Strategy (NCS) on July 13, 2023. The National Cybersecurity Strategy Implementation Plan (NCSIP) includes 65 federal initiatives across five pillars aimed at increasing cybersecurity investment, assigning federal agencies to specific initiatives, and giving timelines […]

Every year, Forrester fields the Forrester Analytics Business Technographics® Security Survey, which provides insight into security decision-makers’ current state, challenges, and forward-looking priorities. We analyzed the 2022 data to assess data breaches across seven primary industries: manufacturing; retail and wholesale; business services and construction; utilities and telecommunications; financial services and insurance; public sector and healthcare; and […]

On traditional infrastructure (laptops, servers, workstations, on-premises network infrastructure), the attack surface was the closest match to true perimeter-based defense we could get. The network infrastructure gave access to the systems within (crunchy outside; gooey, cubicle, khakis, and blue button-downs inside). As such, detection of attacker activity was relegated to network-based activity, endpoint-based activity, and […]

We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]

Enterprise adoption of fine-tuned large language models is already underway, forcing cybersecurity teams to learn quickly how to protect them.

There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.

Get a preview of the top five cybersecurity threats — established and emerging — for this year and learn how to defend against each.

Typically, security is late to the game with technology innovation. Before we get to see innovative technology, we have to wait for it to matter to security. This time, however, is different. In January, we predicted how the announcement of ChatGPT could change cybersecurity, and today, our predictions were validated again with the announcement of […]

Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]

This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.

Given years of cyberespionage, attacks on elections, and, more recently, the melding of kinetic and digital warfare in the Russia-Ukraine war, private sector security leaders in all industries must recognize and prepare for more brazen and frequent nation-state cyberattacks. This is the first and the foundational report in a series that will help security leaders […]

Forrester originated the Zero Trust Model over a decade ago and defines Zero Trust as: An information security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices. Zero Trust advocates […]

Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]

The security analytics platform market is moving faster than it has in years, as demonstrated by these Wave results. Though Splunk still has a tight grip on the segment, competitors are finding opportunities to loosen its hold by addressing continued dissatisfaction with outdated pricing models. Hyperscalers like Microsoft are establishing themselves as top competitors through […]