Allie Mellen
Principal Analyst
Author Insights
Blog
Breaking Down The US Executive Order To Protect Americans’ Sensitive Personal Data
Learn the key takeaways and market impacts from the Biden administration’s executive order to protect Americans’ sensitive personal data.
Blog
Prescription For Change: Cybersecurity Outage Highlights Critical Vulnerabilities In Healthcare
A recent cybersecurity incident at Change Healthcare caused the pharmacy claims processor to take its systems offline. Learn the implications of this event and five things firms can do to prepare.
Blog
Tear Down The Tiered Analyst System In The SOC
Learn how taking a new approach to how you position analysts in your security operations center (SOC) can reduce burnout and help build a deeper security talent pool.
Blog
Lessons Learned From Another Year Of Sponsoring Women To Attend S&R Forum
Learn three key lessons from our partnership with Women in Security and Privacy (WISP) in sponsoring attendees at our Security & Risk Forum.
Blog
Retailers Are Being Barraged By Cyberattacks This Holiday Season — Prepare!
Cyberattacks continue to threaten the availability of online shopping for retailers — and the profits that come from it. Retailers can take these three steps to defend against them, this holiday season and into 2024.
Blog
A New Dawn For VMware EUC And Carbon Black, But Not Without Risk
Find out how Broadcom's plan to divest VMware’s EUC and Carbon Black businesses could impact customers and the market overall.
Blog
EDR Is Officially Out, And XDR Still Won’t Solve Your SIEM Problems
Forrester predicted that endpoint detection and response (EDR) as we know it would be replaced by extended detection and response (XDR). That day has finally come. Learn the implications of that shift in this blog post.
Blog
VMware Customers: Brace For Impact
With the VMware-Broadcom deal set for closing, what should you know? Learn five key things VMware customers can expect in the coming years.
Blog
The Top Five Things You Need To Know About How Generative AI Is Used In Security Tools
Security leaders need to understand how generative AI is used in security tools and how it may change how their teams operate. Here are five highlights from a new report that will help.
Blog
Exposure Management Looks To Usurp Vulnerability Management, But Is The New Emperor Wearing Any Clothes?
Hans Christian Andersen’s classic tale of the emperor who gets duped into a fancy, new, and invisible wardrobe provides lessons in swindling, pride, and truth. It’s only when the emperor struts in front of the commoners that a child finally states, “Wait a minute — there’s nothing to this outfit. He’s not wearing anything.” As […]
Blog
Splunk Is Good For Cisco, But Cisco Needs To Convince Splunk Customers That Cisco Is Good For Them
Find out what Cisco's $28 billion planned acquisition of Splunk could mean for both observability and security.
Blog
“The Blob” Is Poisoning The Security Industry
“The Blob” in the security industry can prevent us from having the deep, real conversations about the actual issues practitioners are facing today. Find out how to avoid this.
Blog
Announcing The 2023 Forrester Security & Risk Scholarship — Apply Now!
A few weeks ago, I spoke on a podcast with some of my former colleagues about my experiences in the security industry as a young woman. TL;DR: It’s not always great, and that’s true for many women in the industry. We showed that in our research on Best Practices: Recruiting, Retaining, And Advancing Women In […]
Blog
Black Hat USA 2023: Insights From Our Short Vegas Residency
Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]
Blog
Reap The Rewards Of Empathy, The Emotional Buoy Of Trust
This week, we are thrilled to release new research: Build Trust And Lasting Emotional Bonds With Empathy. This report delves into empathy, one of the most critical of the seven levers of trust defined in the trust imperative. Forrester defines empathy as: The perception that an organization is emotionally connected to its customers, employees, […]
Blog
Announcing The Detection And Response Development Lifecycle (DR-DLC) For Detection Engineering
Too much data, monolithic software, and control issues. The security operations center is at a tipping point. Learn how following the detection and response development lifecycle framework can help your SOC get beyond it.
Blog
The Busy Security Leader’s Guide To The National Cybersecurity Strategy Implementation Plan
Security and risk leaders beware: the Biden Administration released the next major step in its plan to implement the National Cybersecurity Strategy (NCS) on July 13, 2023. The National Cybersecurity Strategy Implementation Plan (NCSIP) includes 65 federal initiatives across five pillars aimed at increasing cybersecurity investment, assigning federal agencies to specific initiatives, and giving timelines […]
Blog
Key Findings From Forrester’s 2022 Data Breach Benchmarks
Every year, Forrester fields the Forrester Analytics Business Technographics® Security Survey, which provides insight into security decision-makers’ current state, challenges, and forward-looking priorities. We analyzed the 2022 data to assess data breaches across seven primary industries: manufacturing; retail and wholesale; business services and construction; utilities and telecommunications; financial services and insurance; public sector and healthcare; and […]
Blog
Introducing Detection Surface, The Cybersecurity Defense That Parallels Attack Surface
On traditional infrastructure (laptops, servers, workstations, on-premises network infrastructure), the attack surface was the closest match to true perimeter-based defense we could get. The network infrastructure gave access to the systems within (crunchy outside; gooey, cubicle, khakis, and blue button-downs inside). As such, detection of attacker activity was relegated to network-based activity, endpoint-based activity, and […]
Blog
VRM And SOC Teams Can Benefit From Each Other
We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]