Jeff Pollard

VP, Principal Analyst

Forrester Bio

Author Insights

Blog

Prevent Data Turnovers With Insider Risk Management

Joseph Blankenship August 28, 2023
Learn some valuable lessons about insider risk management from the New York Knicks and the Toronto Raptors. Really.
Blog

2003 Called, And It Doesn’t Want Its Email Security Appliances Back

Joseph Blankenship August 24, 2023
Email security appliances have come a long way in the past 20 years. Learn the benefits of cloud-delivered email security.
Blog

Black Hat USA 2023: Insights From Our Short Vegas Residency

Jeff Pollard August 21, 2023
Black Hat USA 2023: Insights From Our Short Vegas Residency Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]
Blog

Making Reality Unreal: Five Deepfake Scams That Imperil Enterprises In 2023

Jeff Pollard June 27, 2023
While it might seem like generative AI is the only use case for AI around today, just a few years ago, deepfakes wore the mantle for attention and hype in the AI universe. That’s fallen off considerably today, but we will likely see a resurgence in interest based on attacks using deepfakes to scam and […]
Blog

Introducing Detection Surface, The Cybersecurity Defense That Parallels Attack Surface

Allie Mellen June 26, 2023
On traditional infrastructure (laptops, servers, workstations, on-premises network infrastructure), the attack surface was the closest match to true perimeter-based defense we could get. The network infrastructure gave access to the systems within (crunchy outside; gooey, cubicle, khakis, and blue button-downs inside). As such, detection of attacker activity was relegated to network-based activity, endpoint-based activity, and […]
Blog

Defending AI Models: From Soon To Yesterday

Jeff Pollard May 24, 2023
Enterprise adoption of fine-tuned large language models is already underway, forcing cybersecurity teams to learn quickly how to protect them.
Blog

Announcing The Forrester Wave™: Managed Detection And Response, Q2 2023

Jeff Pollard May 18, 2023
The Forrester Wave™: Managed Detection And Response (MDR), Q2 2023 is live! The MDR market continues to redefine what it means to offer a successful security service with high client satisfaction and retention rates and, as a result, extraordinary growth rates. For now, no single vendor dominates the MDR market, but providers bringing endpoint detection […]
Blog

Generative AI Goes Mainstream In Security With Microsoft Security Copilot

Allie Mellen March 28, 2023
Typically, security is late to the game with technology innovation. Before we get to see innovative technology, we have to wait for it to matter to security. This time, however, is different. In January, we predicted how the announcement of ChatGPT could change cybersecurity, and today, our predictions were validated again with the announcement of […]
Blog

Product Management And Security Collaboration Benefits More Than Product Security

Sandy Carielli March 14, 2023
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
Blog

The Pay Gap Isn’t The Only Problem For Women In CISO Roles

Jeff Pollard March 8, 2023
Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]
Blog

2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up

Jeff Pollard March 6, 2023
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]
Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog

Five Reasons Why CISOs Should Report To CEOs

Jeff Pollard February 21, 2023
Cybersecurity problems won’t disappear, but CISOs who are elevated in the organization run better cybersecurity programs.
Blog

Great Technology Organizations Have Great Security Organizations

Sandy Carielli February 17, 2023
Forrester has been researching future fit organizations for the past few years, those organizations that have evolved their technology strategy to enable their firm’s customer-obsessed business strategy. Tech organizations fall into three tech strategy buckets: Traditional tech orgs are driven by cost, act as order-takers, and typically follow waterfall methodologies; modern tech orgs evolve to […]
Blog

NIST AI Risk Management Framework 1.0 — What It Means For Enterprises

Michele Goetz February 7, 2023
Forrester provides guidance on how to succeed with AI governance with the NIST’s AI RMF 1.0.
Blog

Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties

Alla Valente February 2, 2023
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]
Blog

Cybersecurity Risk Dashboards: No Value, Extreme Liability

Jeff Pollard January 30, 2023
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
Blog

ChatGPT: Cybersecurity Ramifications Beyond Malware

Jeff Pollard January 26, 2023
Plenty of people had fun with ChatGPT when it released, but I’m not sure any industry had more fun than cybersecurity. When first released, it turned out that ChatGPT could write code, convert code from one programming language to another, and write malware. Sure, the coherent nonsense problem persisted, but overall, it produced solid stuff. […]
Blog

Beware Of “Coherent Nonsense” When Implementing Generative AI

Rowan Curran December 8, 2022
Generative AI can make doing a lot of things easier, including the wrong things. Learn the risks of AI-generated content and how to avoid them.
Blog

It’s Not You, It’s Them: Build A Resilient Cybersecurity Career

Jeff Pollard September 12, 2022
Preparing for the worst means putting loyalty aside to build a plan with your goals and growth at the center. Learn how to get started.
More posts