James Plouffe
Principal Analyst
Author Insights
Blog
CrowdStrike’s Planned Acquisition Of Seraphic Highlights The Need To Address Endpoint Risks
CrowdStrike’s move to acquire Seraphic spotlights a growing blind spot in cybersecurity: The browser has quietly become one of the riskiest — and least protected — endpoints in the enterprise. This blog reveals why legacy EDR, XDR, and network tools can’t see what’s really happening inside the browser and how Seraphic’s unique JSE‑based approach could change the game for data protection and threat detection.
Blog
My Tips For Crushing Your Analyst Briefings And Wowing The Analyst
Former Forrester analyst Josh Zelonis blogged about how to deliver successful vendor briefings years ago. I’m updating his blog with my own thoughts as a “recovering marketer,” Forrester analyst, and research director. This blog is a collection of my top tips for briefing analysts, with contributions from other security and risk analysts.
Blog
Anthropic Catches Attackers Using Agents In The Act
On November 13, AI vendor Anthropic published details about the disruption of what it characterized as an AI-led cyber espionage operation. Learn what is in Anthropic's report and get tips on how to protect against future AI-enabled attacks.
Blog
Developer-Led Growth Meets Enterprise-Grade Security And Distributed Infrastructure At Cloudflare Connect 2025
Cloudflare Connect 2025 had a distinctly optimistic vibe as the vendor positions itself as the connective tissue for modern digital operations in the enterprise and showcases its AI security abilities. Learn more in this event review.
Blog
How F5 And SonicWall Revealed The Fragility Of The Software Supply Chain
The recent breaches at F5 and SonicWall illustrate how attackers are targeting the very infrastructure that enterprises rely on to secure and deliver digital services.
Blog
Too Big To Fail, Cyber Edition
Why did the UK government extend a £1.5 billion guaranteed loan to Jaguar Land Rover after a debilitating ransomware attack? And what can your security team learn from it? Find out in this post.
Blog
When Buzzwords Collide: From A(I) To Z(ero Trust)
In the past 15 years, Zero Trust has become the dominant cybersecurity model. Now along comes AI. Find out what role generative AI and AI agents will play in driving Zero Trust adoption and maturity in this preview of our upcoming Security & Risk Summit.
Blog
Is Zero Trust Canceled? Revisiting DEF CON Research
Did AmberWolf’s talk at DEF CON 33 uncover any true fundamental flaws in Zero Trust? Although we think the research uncovered some significant issues, calling it a “total bust” is definitely overblown. Find out why.
Blog
Black Hat 2025: Troop Forrester Goes To Hacker Summer Camp
2025 marks the 28th year of Black Hat, and although it remains on the edgier side of corporate-focused cybersecurity conferences, it sometimes feels like the event is considering completely ditching its hoodie in favor of a collared shirt.
Blog
From The Basement To The Corner Office: Zero Trust Gets A “Promotion” In The DoD
Learn the implications of the new Zero Trust Portfolio Management Office and Chief Zero Trust Officer in the US Department of Defense.
Blog
AWS re:Inforce 2025 — Heavy On User Experience Enhancements, Light On The GenAI Hype
This year's AWS re:Inforce event included a big announcement and revealed other security-related enhancements. Read our top takeaways.
Blog
Meet The New Analyst Covering Zero Trust And Microsegmentation
The 25-plus years of my career so far can be divided into two acts. Act I was enterprise IT, beginning with desktop support and progressing to network and security architecture at organizations ranging from small business to the Global 10. Act II opened with a move into technical alliance and ecosystem roles at security vendors […]
Blog
Zscaler Snatches Up Red Canary: The Good, The Bad, And The Concerning
Find out what Zscaler's acquisition of Red Canary could mean for the cybersecurity market as a whole as well as for security leaders and their teams.