Jeff Pollard

VP, Principal Analyst

Author Insights

Blog

Facebook Shuts Down Face Recognition System On Its Platform

Merritt Maxim November 4, 2021
Facebook recently announced its decision to no longer use facial recognition in its platform. What does that mean for the long term?
Blog

Forrester’s Security & Risk 2021 Preview: Secure What You Sell Goes Mainstream

Sandy Carielli November 4, 2021
Before I joined Forrester, my colleagues Jeff Pollard and Amy DeMartine initiated our product security research, leading to our first report on the topic, Secure What You Sell: CISOs Must Tackle Product Security To Protect Customers. In those bygone days of 2018 and 2019, we identified that: Forrester was the first to market with this […]
Blog

Put These Talks On Your S&R Forum Watchlist

Allie Mellen November 3, 2021
Next week, the Forrester security and risk (S&R) team will host the Forrester Security & Risk Forum on November 9 and 10. This will be the first time I have ever attended a Forrester event, let alone the Forrester Security & Risk Forum. And while I’m disappointed it isn’t in person this year, I’m also thrilled with […]
Video

Predictions 2022: Continued Uncertainty Forces Attention On Securing Relationships

Jeff Pollard October 28, 2021

Blog

CISOs And The Next Era Of Security Visibility: Observability

Jeff Pollard October 18, 2021
For security leaders and practitioners, it seems like developers and IT teams get all the cool toys, and security pros get stuck with the hand-me-downs. Dev was first to cloud, IT followed, and security warily joined in. IT had patch management while security just scanned to see if the patches weren’t there; and security orchestration, […]
Blog

Halloween Comes Early For Syniverse, FB, And Twitch — What We Can Learn From Their Spooky Outages Plus Breaches

Jeff Pollard October 7, 2021
As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]
Blog

Facebook’s Outage: Breaking The Ad Empire — For A Day?

Mike Proulx October 4, 2021
The Facebook ecosystem outage should remind advertisers to have proactive risk mitigation plans in place.
Blog

What Security Market Definitions Tell Practitioners

Allie Mellen September 29, 2021
One of the biggest challenges of being a security industry analyst is finding when and how to define new market segments. We both had to do this recently — Jeff with managed detection and response and Allie with extended detection and response (XDR). The most common question we get from security vendors confused as to […]
Blog

CISOs And The Trust Imperative

Jeff Pollard September 10, 2021
There is no executive role that better aligns with the trust imperative than the CISO. Find out why and how it may impact your organization directly.
Blog

Zero Trust Doesn’t Mean Zero Breaches

David Holmes June 29, 2021
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Blog

Forrester’s List Of Ransomware Resources

Jeff Pollard June 24, 2021
With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]
Blog

Revenge Of The SaaS: Mandiant Uses Services To Escape FireEye

Jeff Pollard June 3, 2021
Revenge Of The SaaS: Mandiant Dumps FEYE. In a cybersecurity divorce that had fewer leading indicators than the dissolution of Kim and Kanye, Mandiant has finally untangled itself from FireEye (FEYE) by selling the product portion of the firm to Symphony Technology Group (STG) for $1.2 billion. FireEye’s history as the most “almost acquired vendor” […]
Blog

Trusted Third-Party Phish Is The Catch Of The Day

Joseph Blankenship June 2, 2021
We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]
Blog

Debunking Infosec Purity And Other Security Myths In The Wake Of Recent Attacks

Sandy Carielli May 21, 2021
Earlier this week, an op-ed published on The Hill sent information security (infosec) Twitter into a tizzy by blaming cybersecurity industry best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed furthered a number of security myths that we felt compelled to bust here. Myth #1: The Best Infosec Pros […]
Blog

Biden Executive Order Bets Big On Zero Trust For The Future Of US Cybersecurity

Jeff Pollard May 13, 2021
Forrester's security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.
Blog

“Winning” MITRE ATT&CK, Losing Sight Of Customers

Jeff Pollard April 22, 2021
Are the results of a MITRE ATT&CK evaluation a good gauge of a vendor's effectiveness? Maybe. Vice President and Principal Analyst Jeff Pollard explains how to use the results in your vendor analysis.
Blog

Degree Requirements Are Poisoning Your Cybersecurity Talent Pool

Steve Turner April 22, 2021
There’s no shortage of obstacles holding back folks from finding meaningful employment in the cybersecurity sector. Some of these obstacles are imposed by human resources policies and the software used to automatically scan through resumes in a game of electronic buzzword bingo, one of the most insidious of these being the requirement of a college […]
Blog

MSSP Is The Eighth Word You Can’t Say On TV

Jeff Pollard March 24, 2021
“The Forrester Wave™: Managed Detection And Response, Q1 2021” is now live — and this is a seriously impressive group of vendors. I want to give a sincere thanks to them all for the effort and work they put into it. Vendors don’t always agree on things — especially with competitors. But one thing quite […]
Blog

Mean Time Before CEO Scapegoats

Jeff Pollard March 1, 2021
A few months before I joined Forrester in 2015, I found a blog that introduced a new incident response (IR) metric written by @rickhholland: “Introducing A New Incident Response Metric: Mean Time Before CEO Apologizes (MTBCA).” Rick introduced this — not exactly tongue-in-cheek metric for IR – because the playbook was so familiar. Get breached, […]
Blog

Reflections On 2020: Cybersecurity Predictions Versus Reality

Heidi Shey February 8, 2021
You’re probably tired of hearing about 2021 cybersecurity predictions. This is something different. We’re taking a look back to what we predicted would happen in 2020 and grading our predictions. After all, why make predictions in the first place if we’re not going to reflect and assess ourselves afterward? When we make predictions, we aim to identify what is different that we think […]