Erik Nost
Senior Analyst

Author Insights
Blog
Assessment Is Anyone’s Guess: Proving GOAT Status Requires Validation
As spectators tuned in to Super Bowl LIX to indulge in American culture rife with consumerism, T. Swift, and rap feuds, the buzz was less around the game and more on determining who is pro football’s GOAT (greatest of all time).
Blog
Tenable To Acquire Vulcan Cyber: More Consolidation In The Vulnerability Management Market
The proactive security market is consolidating further as exposure management vendor Tenable announced its intent to acquire Vulcan Cyber, a unified vulnerability management (UVM) vendor that specializes in third-party vulnerability collection, vulnerability response, and application security posture management. This acquisition demonstrates how vendors are reacting to CISOs’ continued need to unify and consolidate their fragmented […]
Blog
Announcing The Forrester Wave™: Attack Surface Management Solutions, Q3 2024
We’re excited to announce the inaugural release of a Forrester Wave™ evaluation covering attack surface management (ASM) solutions. We evaluated the 11 most significant ASM vendors in what is currently a rapidly evolving market segment. Forrester covers ASM and periphery markets such as exposure management and vulnerability risk management (VRM), as these segments all contribute […]
Blog
The Shakedown From Black Hat USA, 2024
What happens when five security analysts gather at a security conference in Las Vegas? Stuff gets broke. Find out more in this review of the recent BlackHat USA event.
Blog
My Prediction For The 2024 RSA Conference: Proactive Security Will Dominate Use Cases
While no trip to the RSA Conference is complete without seeing what security vendors are up to, this year, expect to be asked an intriguing question: “How proactive are you?” Find out why this will be such a popular question in this post.
Blog
Exposure Management Looks To Usurp Vulnerability Management, But Is The New Emperor Wearing Any Clothes?
Hans Christian Anderson’s classic tale of the emperor that gets duped into a fancy, new, and invisible wardrobe provides lessons in swindling, pride, and truth. It’s only when the emperor struts in front of the commoners that a child finally states, “Wait a minute — there’s nothing to this outfit. He’s not wearing anything.” As […]
Blog
Announcing The Forrester Wave™: Vulnerability Risk Management, Q3 2023
Vulnerability risk management (VRM) solutions look very different today than they did in 2019. Learn what's changed in our new Wave report.
Blog
It’s Time That We Activate Proactive Security
Learn how focusing on proactive security behaviors can relieve the ongoing security intrusions that reactive security teams must address.
Blog
Vulnerability Management Strategies: Avoiding A Cyber Root Canal
Vulnerability management, like flossing, is not fun, exciting, or sexy, but we know that it’s a necessary component of good hygiene. There’s a ton of evidence and research to strongly substantiate its benefits, and yet we frequently struggle to do it despite clearly understanding the consequences — we certainly don’t want a root canal! Yet, […]
Blog
VRM And SOC Teams Can Benefit From Each Other
We’re excited to announce our latest research on vulnerability risk management (VRM) and security operations center (SOC) teams. VRM and SOC teams are pivotal parts of the security organization, with different responsibilities but shared challenges. When Allie and I kicked off our research on interlocks between these teams earlier this year, we weren’t sure what […]
Blog
Announcing The Vulnerability Risk Management Landscape, Q2 2023
What do organizations use VRM for? Learn the five top use cases in this preview of our new report: The Vulnerability Risk Management Landscape, Q2 2023.
Blog
Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.
Blog
The US Government Is Here And Really Wants To Help Protect You From Ransomware
Ransomware Vulnerability Warnings Are Coming To A Critical Infrastructure Near You The US Cybersecurity and Infrastructure Security Agency (CISA) launched the Ransomware Vulnerability Warning Pilot (RVWP) in January 2023 in response to ongoing concerns about the threat of ransomware. This is the CISA’s ransomware-centric take on external attack surface management for critical infrastructure. The RVWP pilot […]
Blog
External Attack Surface Management Finds Assets That Your Org Can’t See
The External Attack Surface Management Landscape, Q1 2023 is now available! Forrester clients can view the report to dive deeper into the benefits of EASM and key functionalities to assess when selecting an EASM vendor. As Jess Burn and I finalized this report, we couldn’t help but think that organizations that are blind to what’s […]
Blog
The Many Resources (And Acronyms) You Must Know To Prioritize Vulnerability Remediations
Building a robust vulnerability risk strategy takes input from multiple resources. More importantly, it requires input on factors specific to your company.
Blog
There’s Something Strange In The CVE Woods, Who You Gonna Call?
Last week, the number of CVE vulnerabilities received and analyzed by the National Vulnerability Database for 2022 surpassed the total number of CVEs for 2021. With nine weeks still left in 2022, we are on pace to crush last year’s record of vulnerabilities. And we are bound to set another record in 2023. When we […]
Blog
CISA Releases Directives On Asset Discovery And Vulnerability Enumeration
The Cybersecurity & Infrastructure Security Agency (CISA) kicked off Cybersecurity Awareness Month with a bang yesterday, with its latest binding operational directive that requires federal agencies to account for a complete inventory of assets and vulnerabilities. In past CISA coverage, we recommended that organizations doing business with the federal government, looking to maintain good cyber […]
Blog
Cyber Grant Program Is Welcome News For Small Governments
Local governments have become frequent targets of cyber attacks, and funding and planning for preventing for more attacks have been left largely to the local level. A new initiative is changing that.
Blog
Vulnerability Programs Must Regain Trust To Inspire Action
Is using CVSS scores for risk prioritization leading to misalignment and even mistrust in your organization? Find out in this Security & Risk event session preview.
Blog
Perspectives From Black Hat 2022
Thousands of security practitioners, vendors, and researchers from 111 different countries packed the Mandalay Bay Convention Center in Las Vegas last week for the first in-person Black Hat since 2019. Since the 2019 Black Hat, new technologies and security providers have increased, but so have threats, actors, and social/political/economic concerns. This year’s high attendance demonstrated […]
More posts