Jeff Pollard

Email security appliances have come a long way in the past 20 years. Learn the benefits of cloud-delivered email security.

Black Hat USA 2023: Insights From Our Short Vegas Residency Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]

While it might seem like generative AI is the only use case for AI around today, just a few years ago, deepfakes wore the mantle for attention and hype in the AI universe. That’s fallen off considerably today, but we will likely see a resurgence in interest based on attacks using deepfakes to scam and […]

On traditional infrastructure (laptops, servers, workstations, on-premises network infrastructure), the attack surface was the closest match to true perimeter-based defense we could get. The network infrastructure gave access to the systems within (crunchy outside; gooey, cubicle, khakis, and blue button-downs inside). As such, detection of attacker activity was relegated to network-based activity, endpoint-based activity, and […]

Enterprise adoption of fine-tuned large language models is already underway, forcing cybersecurity teams to learn quickly how to protect them.

The Forrester Wave™: Managed Detection And Response (MDR), Q2 2023 is live! The MDR market continues to redefine what it means to offer a successful security service with high client satisfaction and retention rates and, as a result, extraordinary growth rates. For now, no single vendor dominates the MDR market, but providers bringing endpoint detection […]

Typically, security is late to the game with technology innovation. Before we get to see innovative technology, we have to wait for it to matter to security. This time, however, is different. In January, we predicted how the announcement of ChatGPT could change cybersecurity, and today, our predictions were validated again with the announcement of […]

As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]

Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]

Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]

This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.

Cybersecurity problems won’t disappear, but CISOs who are elevated in the organization run better cybersecurity programs.

Forrester has been researching future fit organizations for the past few years, those organizations that have evolved their technology strategy to enable their firm’s customer-obsessed business strategy. Tech organizations fall into three tech strategy buckets: Traditional tech orgs are driven by cost, act as order-takers, and typically follow waterfall methodologies; modern tech orgs evolve to […]

Forrester provides guidance on how to succeed with AI governance with the NIST’s AI RMF 1.0.

There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]

Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]

Plenty of people had fun with ChatGPT when it released, but I’m not sure any industry had more fun than cybersecurity. When first released, it turned out that ChatGPT could write code, convert code from one programming language to another, and write malware. Sure, the coherent nonsense problem persisted, but overall, it produced solid stuff. […]

Generative AI can make doing a lot of things easier, including the wrong things. Learn the risks of AI-generated content and how to avoid them.

Preparing for the worst means putting loyalty aside to build a plan with your goals and growth at the center. Learn how to get started.