Allie Mellen
Principal Analyst

Author Insights
Blog
Splunk Is Good For Cisco, But Cisco Needs To Convince Splunk Customers That Cisco Is Good For Them
Find out what Cisco's $28 billion planned acquisition of Splunk could mean for both observability and security.
Blog
“The Blob” Is Poisoning The Security Industry
“The Blob” in the security industry can prevent us from having the deep, real conversations about the actual issues practitioners are facing today. Find out how to avoid this.
Blog
Announcing The 2023 Forrester Security & Risk Scholarship — Apply Now!
A few weeks ago, I spoke on a podcast with some of my former colleagues about my experiences in the security industry as a young woman. TL;DR: It’s not always great, and that’s true for many women in the industry. We showed that in our research on Best Practices: Recruiting, Retaining, And Advancing Women In […]
Blog
Black Hat USA 2023: Insights From Our Short Vegas Residency
Black Hat USA 2023: Insights From Our Short Vegas Residency Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]
Blog
Reap The Rewards Of Empathy, The Emotional Buoy Of Trust
This week, we are thrilled to release new research: Build Trust And Lasting Emotional Bonds With Empathy. This report delves into empathy, one of the most critical of the seven levers of trust defined in the trust imperative. Forrester defines empathy as: The perception that an organization is emotionally connected to its customers, employees, […]
Blog
Announcing The Detection And Response Development Lifecycle (DR-DLC) For Detection Engineering
Too much data, monolithic software, and control issues. The security operations center is at a tipping point. Learn how following the detection and response development lifecycle framework can help your SOC get beyond it.
Blog
The Busy Security Leader’s Guide To The National Cybersecurity Strategy Implementation Plan
Security and risk leaders beware, the Biden Administration released the next major step in its plan to implement the National Cybersecurity Strategy (NCS) on July 13, 2023. The National Cybersecurity Strategy Implementation Plan (NCSIP) includes 65 federal initiatives across five pillars aimed at increasing cybersecurity investment, assigning federal agencies to specific initiatives, and giving timelines […]
Blog
Key Findings From Forrester’s 2022 Data Breach Benchmarks
Every year, Forrester fields the Forrester Analytics Business Technographics® Security Survey, which provides insight into security decision-makers’ current state, challenges, and forward-looking priorities. We analyzed the 2022 data to assess data breaches across seven primary industries: manufacturing; retail and wholesale; business services and construction; utilities and telecommunications; financial services and insurance; public sector and healthcare; and […]
Blog
Introducing Detection Surface, The Cybersecurity Defense That Parallels Attack Surface
On traditional infrastructure (laptops, servers, workstations, on-premises network infrastructure), the attack surface was the closest match to true perimeter-based defense we could get. The network infrastructure gave access to the systems within (crunchy outside; gooey, cubicle, khakis, and blue button-downs inside). As such, detection of attacker activity was relegated to network-based activity, endpoint-based activity, and […]
Blog
VRM And SOC Teams Can Benefit From Each Other
We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]
Blog
Defending AI Models: From Soon To Yesterday
Enterprise adoption of fine-tuned large language models is already underway, forcing cybersecurity teams to learn quickly how to protect them.
Blog
Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.
Blog
Protecting Against The Top Cybersecurity Threats In 2023 Requires A Balanced Approach
Get a preview of the top five cybersecurity threats — established and emerging — for this year and learn how to defend against each.
Blog
Generative AI Goes Mainstream In Security With Microsoft Security Copilot
Typically, security is late to the game with technology innovation. Before we get to see innovative technology, we have to wait for it to matter to security. This time, however, is different. In January, we predicted how the announcement of ChatGPT could change cybersecurity, and today, our predictions were validated again with the announcement of […]
Blog
The Pay Gap Isn’t The Only Problem For Women In CISO Roles
Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog
Introducing The Forrester Model To Defend Against Nation-State Threats
Given years of cyberespionage, attacks on elections, and, more recently, the melding of kinetic and digital warfare in the Russia-Ukraine war, private sector security leaders in all industries must recognize and prepare for more brazen and frequent nation-state cyberattacks. This is the first and the foundational report in a series that will help security leaders […]
Blog
Success With Zero Trust Lives And Dies By Executive Support
Forrester originated the Zero Trust Model over a decade ago and defines Zero Trust as: An information security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices. Zero Trust advocates […]
Blog
Cybersecurity Risk Dashboards: No Value, Extreme Liability
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
Blog
Announcing The Forrester Wave™: Security Analytics Platforms, Q4 2022
The security analytics platform market is moving faster than it has in years, as demonstrated by these Wave results. Though Splunk still has a tight grip on the segment, competitors are finding opportunities to loosen its hold by addressing continued dissatisfaction with outdated pricing models. Hyperscalers like Microsoft are establishing themselves as top competitors through […]
More posts