Jeff Pollard

Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]

Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]

This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.

Cybersecurity problems won’t disappear, but CISOs who are elevated in the organization run better cybersecurity programs.

Forrester has been researching future fit organizations for the past few years, those organizations that have evolved their technology strategy to enable their firm’s customer-obsessed business strategy. Tech organizations fall into three tech strategy buckets: Traditional tech orgs are driven by cost, act as order-takers, and typically follow waterfall methodologies; modern tech orgs evolve to […]

Forrester provides guidance on how to succeed with AI governance with the NIST’s AI RMF 1.0.

There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]

Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]

Plenty of people had fun with ChatGPT when it released, but I’m not sure any industry had more fun than cybersecurity. When first released, it turned out that ChatGPT could write code, convert code from one programming language to another, and write malware. Sure, the coherent nonsense problem persisted, but overall, it produced solid stuff. […]

Generative AI can make doing a lot of things easier, including the wrong things. Learn the risks of AI-generated content and how to avoid them.

Preparing for the worst means putting loyalty aside to build a plan with your goals and growth at the center. Learn how to get started.

Fresh off a yearlong beta test, DuckDuckGo moved its email protection service into an open beta. The service works across iOS and Android; browser extensions for Edge, Chrome, Firefox, and Brave; and DuckDuckGo for Mac. The service blocks trackers in emails, reducing the amount and type of data emails can send to third parties (like […]

When tech companies select people with ideals and integrity, they get people with ideals and integrity. When they behave in ways that betray those employees, they can expect rebellion.

Learn why moving away from legacy thinking on products and services leads to far better outcomes.

Here, we clear up some misconceptions about threat hunting and explain why it’s in the best interest of your team to start doing it.

Users get to make their own choices about security and privacy when using Apple devices, not carriers, application developers, or advertisers.

Or, “How a natural language image generation AI used as a meme generator by social media may impact your business.” Welcome To The Future — It’s Got AI-Generated Art Let’s play a quick game. Which of the below images were made by an AI system generating images based on word prompts? Let’s pretend you guessed […]

While the economic downturn is in its early stages, it looks as though the hypergrowth phase of the cybersecurity vendor party has reached an abrupt end.

Everything-eventually-becomes-a-service which Microsoft demonstrates by launching its own version of managed detection & response. We discuss what CISOs need to know, how it will impact the market, and what to look for next.