Erik Nost

Senior Analyst

Forrester Bio

Author Insights

Blog

Exposure Management Looks To Usurp Vulnerability Management, But Is The New Emperor Wearing Any Clothes?

Erik Nost October 16, 2023
Hans Christian Anderson’s classic tale of the emperor that gets duped into a fancy, new, and invisible wardrobe provides lessons in swindling, pride, and truth. It’s only when the emperor struts in front of the commoners that a child finally states, “Wait a minute — there’s nothing to this outfit. He’s not wearing anything.” As […]
Blog

Announcing The Forrester Wave™: Vulnerability Risk Management, Q3 2023

Erik Nost September 21, 2023
Vulnerability risk management (VRM) solutions look very different today than they did in 2019. Learn what's changed in our new Wave report.
Blog

It’s Time That We Activate Proactive Security

Erik Nost September 11, 2023
Learn how focusing on proactive security behaviors can relieve the ongoing security intrusions that reactive security teams must address.
Blog

Vulnerability Management Strategies: Avoiding A Cyber Root Canal

David Levine August 8, 2023
Vulnerability management, like flossing, is not fun, exciting, or sexy, but we know that it’s a necessary component of good hygiene. There’s a ton of evidence and research to strongly substantiate its benefits, and yet we frequently struggle to do it despite clearly understanding the consequences — we certainly don’t want a root canal! Yet, […]
Blog

VRM And SOC Teams Can Benefit From Each Other

Erik Nost June 5, 2023
We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]
Blog

Announcing The Vulnerability Risk Management Landscape, Q2 2023

Erik Nost May 23, 2023
What do organizations use VRM for? Learn the five top use cases in this preview of our new report: The Vulnerability Risk Management Landscape, Q2 2023.
Blog

Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox

Allie Mellen May 2, 2023
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.
Blog

The US Government Is Here And Really Wants To Help Protect You From Ransomware

Brian Wrozek March 27, 2023
Ransomware Vulnerability Warnings Are Coming To A Critical Infrastructure Near You The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 in response to ongoing concerns about the threat of ransomware. This is the CISA’s ransomware-centric take on external attack surface management for critical infrastructure. The RVWP pilot […]
Blog

External Attack Surface Management Finds Assets That Your Org Can’t See

Erik Nost January 18, 2023
The External Attack Surface Management Landscape, Q1 2023 is now available! Forrester clients can view the report to dive deeper into the benefits of EASM and key functionalities to assess when selecting an EASM vendor. As Jess Burn and I finalized this report, we couldn’t help but think that organizations that are blind to what’s […]
Blog

The Many Resources (And Acronyms) You Must Know To Prioritize Vulnerability Remediations

Erik Nost January 9, 2023
Building a robust vulnerability risk strategy takes input from multiple resources. More importantly, it requires input on factors specific to your company.
Blog

There’s Something Strange In The CVE Woods, Who You Gonna Call?

Erik Nost October 31, 2022
Last week, the number of CVE vulnerabilities received and analyzed by the National Vulnerability Database for 2022 surpassed the total number of CVEs for 2021. With nine weeks still left in 2022, we are on pace to crush last year’s record of vulnerabilities. And we are bound to set another record in 2023. When we […]
Blog

CISA Releases Directives On Asset Discovery And Vulnerability Enumeration

Erik Nost October 4, 2022
The Cybersecurity & Infrastructure Security Agency (CISA) kicked off Cybersecurity Awareness Month with a bang yesterday, with its latest binding operational directive that requires federal agencies to account for a complete inventory of assets and vulnerabilities. In past CISA coverage, we recommended that organizations doing business with the federal government, looking to maintain good cyber […]
Blog

Cyber Grant Program Is Welcome News For Small Governments

Erik Nost September 21, 2022
Local governments have become frequent targets of cyber attacks, and funding and planning for preventing for more attacks have been left largely to the local level. A new initiative is changing that.
Blog

Vulnerability Programs Must Regain Trust To Inspire Action

Erik Nost August 17, 2022
Is using CVSS scores for risk prioritization leading to misalignment and even mistrust in your organization? Find out in this Security & Risk event session preview.
Blog

Perspectives From Black Hat 2022

Erik Nost August 16, 2022
Thousands of security practitioners, vendors, and researchers from 111 different countries packed the Mandalay Bay Convention Center in Las Vegas last week for the first in-person Black Hat since 2019. Since the 2019 Black Hat, new technologies and security providers have increased, but so have threats, actors, and social/political/economic concerns. This year’s high attendance demonstrated […]
Blog

Microsoft Announces Defender Vulnerability Management

Erik Nost May 23, 2022
Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]
Blog

Plan Your Response To CISA Emergency Patching Directives

Erik Nost May 20, 2022
The US Cybersecurity and Infrastructure Security Agency and other government agencies will continue to weigh in on vulnerability and patch management. Be prepared to respond.
Blog

Meet The New Analyst Covering Vulnerability Risk Management: Erik Nost

Erik Nost May 11, 2022
What Topics Will You Be Covering at Forrester? I am very excited to be covering vulnerability risk management (VRM) at Forrester, including threat modeling and management and penetration testing. Some of the areas in VRM that I hope to explore include: Vulnerability risk prioritization, especially with new “zero days” hitting at what seems like every […]