Erik Nost

Learn how focusing on proactive security behaviors can relieve the ongoing security intrusions that reactive security teams must address.

Vulnerability management, like flossing, is not fun, exciting, or sexy, but we know that it’s a necessary component of good hygiene. There’s a ton of evidence and research to strongly substantiate its benefits, and yet we frequently struggle to do it despite clearly understanding the consequences — we certainly don’t want a root canal! Yet, […]

We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]

What do organizations use VRM for? Learn the five top use cases in this preview of our new report: The Vulnerability Risk Management Landscape, Q2 2023.

There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.

Ransomware Vulnerability Warnings Are Coming To A Critical Infrastructure Near You The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 in response to ongoing concerns about the threat of ransomware. This is the CISA’s ransomware-centric take on external attack surface management for critical infrastructure. The RVWP pilot […]

The External Attack Surface Management Landscape, Q1 2023 is now available! Forrester clients can view the report to dive deeper into the benefits of EASM and key functionalities to assess when selecting an EASM vendor. As Jess Burn and I finalized this report, we couldn’t help but think that organizations that are blind to what’s […]

Building a robust vulnerability risk strategy takes input from multiple resources. More importantly, it requires input on factors specific to your company.

Last week, the number of CVE vulnerabilities received and analyzed by the National Vulnerability Database for 2022 surpassed the total number of CVEs for 2021. With nine weeks still left in 2022, we are on pace to crush last year’s record of vulnerabilities. And we are bound to set another record in 2023. When we […]

The Cybersecurity & Infrastructure Security Agency (CISA) kicked off Cybersecurity Awareness Month with a bang yesterday, with its latest binding operational directive that requires federal agencies to account for a complete inventory of assets and vulnerabilities. In past CISA coverage, we recommended that organizations doing business with the federal government, looking to maintain good cyber […]

Local governments have become frequent targets of cyber attacks, and funding and planning for preventing for more attacks have been left largely to the local level. A new initiative is changing that.

Is using CVSS scores for risk prioritization leading to misalignment and even mistrust in your organization? Find out in this Security & Risk event session preview.

Thousands of security practitioners, vendors, and researchers from 111 different countries packed the Mandalay Bay Convention Center in Las Vegas last week for the first in-person Black Hat since 2019. Since the 2019 Black Hat, new technologies and security providers have increased, but so have threats, actors, and social/political/economic concerns. This year’s high attendance demonstrated […]

Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]

The US Cybersecurity and Infrastructure Security Agency and other government agencies will continue to weigh in on vulnerability and patch management. Be prepared to respond.

What Topics Will You Be Covering at Forrester? I am very excited to be covering vulnerability risk management (VRM) at Forrester, including threat modeling and management and penetration testing. Some of the areas in VRM that I hope to explore include: Vulnerability risk prioritization, especially with new “zero days” hitting at what seems like every […]