Allie Mellen

Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]

This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.

Given years of cyberespionage, attacks on elections, and, more recently, the melding of kinetic and digital warfare in the Russia-Ukraine war, private sector security leaders in all industries must recognize and prepare for more brazen and frequent nation-state cyberattacks. This is the first and the foundational report in a series that will help security leaders […]

Forrester originated the Zero Trust Model over a decade ago and defines Zero Trust as: An information security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices. Zero Trust advocates […]

Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]

The security analytics platform market is moving faster than it has in years, as demonstrated by these Wave results. Though Splunk still has a tight grip on the segment, competitors are finding opportunities to loosen its hold by addressing continued dissatisfaction with outdated pricing models. Hyperscalers like Microsoft are establishing themselves as top competitors through […]

Some 14 Forrester analysts attended this year’s AWS re:Invent in Las Vegas. The conference was a mix of innovation in some areas — particularly compute and networking, along with a co-engineering approach to industry cloud — but plateaus in others, such as hybrid and edge. Efficiency and consolidation were underlying themes, from amping up AI/ML […]

The chair of the board at Women in Security and Privacy (WISP) discusses the organization's work and how companies can partner with it to foster diversity in cybersecurity.

Mischief, fright, haunting … These are just a few terms that apply to this time of year: Halloween. But these terms can also explain cyberattacks and the paranormal. Yes, we said it, cyberattacks and the paranormal, both things that go bump in the night (and often bump in the daylight, too). Both involve something that […]

Learn why an autonomous security operations center is an unrealistic vision for any security organization.

A few weeks ago, I spoke with Derek Johnson from SC Media about my experiences early on in the security industry – good and bad. While some of these moments were difficult, all of them were formative and helped me better understand the current state of the security community and industry. We are blessed with […]

Preparing for the worst means putting loyalty aside to build a plan with your goals and growth at the center. Learn how to get started.

When tech companies select people with ideals and integrity, they get people with ideals and integrity. When they behave in ways that betray those employees, they can expect rebellion.

Learn why moving away from legacy thinking on products and services leads to far better outcomes.

Here, we clear up some misconceptions about threat hunting and explain why it’s in the best interest of your team to start doing it.

A security vendor's product vision can make or break client loyalty. Learn what to look for in evaluating vendors' product visions.

While the economic downturn is in its early stages, it looks as though the hypergrowth phase of the cybersecurity vendor party has reached an abrupt end.

Late Sunday evening, Bloomberg reported rumors of advanced Broadcom talks to acquire VMware, which has since been confirmed this morning. In light of Broadcom’s investment activities in the past few years, this news is unsurprising. It made a string of massively expensive enterprise software company acquisitions: Brocade Communications Systems in 2016 ($5.9 billion), CA Technologies […]

To succeed with a security orchestration, automation, and response (SOAR) offering, outline how you'll use it first.