VP, Principal Analyst
Product Management And Security Collaboration Benefits More Than Product Security
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
The Pay Gap Isn’t The Only Problem For Women In CISO Roles
Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into the education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]
2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare for the implications of the National Cybersecurity Strategy.
Five Reasons Why CISOs Should Report To CEOs
Cybersecurity problems won’t disappear, but CISOs who are elevated in the organization run better cybersecurity programs.
Great Technology Organizations Have Great Security Organizations
Forrester has been researching future fit organizations for the past few years, those organizations that have evolved their technology strategy to enable their firm’s customer-obsessed business strategy. Tech organizations fall into three tech strategy buckets: Traditional tech orgs are driven by cost, act as order-takers, and typically follow waterfall methodologies; modern tech orgs evolve to […]
NIST AI Risk Management Framework 1.0 — What It Means For Enterprises
Forrester provides guidance on how to succeed with AI governance using NIST’s AI RMF 1.0.
Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]
Cybersecurity Risk Dashboards: No Value, Extreme Liability
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
ChatGPT: Cybersecurity Ramifications Beyond Malware
Plenty of people had fun with ChatGPT when it released, but I’m not sure any industry had more fun than cybersecurity. When first released, it turned out that ChatGPT could write code, convert code from one programming language to another, and write malware. Sure, the coherent nonsense problem persisted, but overall, it produced solid stuff. […]
Beware Of “Coherent Nonsense” When Implementing Generative AI
Generative AI can make doing a lot of things easier, including the wrong things. Learn the risks of AI-generated content and how to avoid them.
It’s Not You, It’s Them: Build A Resilient Cybersecurity Career
Preparing for the worst means putting loyalty aside to build a plan with your goals and growth at the center. Learn how to get started.
DuckDuckGo’s Email Protection: Another Strike Against The Surveillance Economy
Fresh off a yearlong beta test, DuckDuckGo moved its email protection service into an open beta. The service works across iOS and Android; browser extensions for Edge, Chrome, Firefox, and Brave; and DuckDuckGo for Mac. The service blocks trackers in emails, reducing the amount and type of data emails can send to third parties (like […]
Forget Quiet Quitting — Tech Whistleblowers Go Out With A Bang
When tech companies select people with ideals and integrity, they get people with ideals and integrity. When they behave in ways that betray those employees, they can expect rebellion.
Five Reasons To Buy A Service Before A Product
Learn why moving away from legacy thinking on products and services leads to far better outcomes.
Threat Hunting 101: A Human-Led Exercise
Here, we clear up some misconceptions about threat hunting and explain why it’s in the best interest of your team to start doing it.
Choose Apple Lockdown Mode, Choose Security
Users get to make their own choices about security and privacy when using Apple devices, not carriers, application developers, or advertisers.
If You Can Say It, You Can See It: Dall-E And You
Or, “How a natural language image generation AI used as a meme generator by social media may impact your business.” Welcome To The Future — It’s Got AI-Generated Art. Let’s play a quick game. Which of the below images were made by an AI system generating images based on word prompts? Let’s pretend you guessed […]
The Reaper Comes For Cyber Unicorns
While the economic downturn is in its early stages, it looks as though the hypergrowth phase of the cybersecurity vendor party has reached an abrupt end.
Microsoft Launches MDR And Hops On The Everything-As-A-Service Bandwagon
Everything eventually becomes a service, which Microsoft demonstrates by launching its own version of managed detection & response. We discuss what CISOs need to know, how it will impact the market, and what to look for next.