Jess Burn
Senior Analyst

Author Insights
Blog
The Pay Gap Isn’t The Only Problem For Women In CISO Roles
Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into the education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]
Blog
2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]
Blog
Introducing The Forrester Asset Taxonomy
The definition of “asset” has broadened well beyond traditional financial boundaries in the earliest days of IT asset management. Technology stakeholders are often confused over what constitutes an asset, and the technologies to enable enterprise asset management frequently add to this confusion.
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare for the implications of the National Cybersecurity Strategy.
Blog
2022 Breaches And Fines Offer Lessons To Security Leaders
2022 didn’t let up on the security incidents — according to Forrester’s Security Survey, 2022, 74% of security decision-makers experienced at least one data breach at their firm in the previous 12 months. As we looked at the top breaches and privacy violations of 2022 — and there was activity right up to the end […]
Blog
Announcing Forrester’s Enterprise Email Security Landscape, Q1 2023
What a time to be in email security! For buyers, there has never been more choice in solutions to protect your organizations. And for sellers? Well, there’s never been more of an incentive to innovate. Forrester’s just-published The Enterprise Email Security Landscape, Q1 2023 report provides an overview of 34 players in this market and […]
Blog
How CISOs Can Navigate The 2023 Downturn
CISOs must use this period of austerity to reinforce security as a core competency that drives growth and protects revenue.
Blog
Cybersecurity Risk Dashboards: No Value, Extreme Liability
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
Blog
External Attack Surface Management Finds Assets That Your Org Can’t See
The External Attack Surface Management Landscape, Q1 2023 is now available! Forrester clients can view the report to dive deeper into the benefits of EASM and key functionalities to assess when selecting an EASM vendor. As Jess Burn and I finalized this report, we couldn’t help but think that organizations that are blind to what’s […]
Blog
Leadership: Don’t Make It Harder Than It Is — Perspectives From A Former CISO/CSO
I’m kicking off my blog series, “Perspectives From A Former CISO,” with my thoughts on leadership. The series will pull from my experiences as a CISO and those of my peers. To be clear, I don’t purport to have all the answers but did learn a thing or two during my tenure leading teams […]
Blog
Acknowledging Our Love-Hate Relationship With Security Certifications
Security certifications don’t make you a better practitioner, they make you a better candidate. Experience and continued training and upskilling take over from there. How do we reconcile this?
Blog
CISA Releases Directives On Asset Discovery And Vulnerability Enumeration
The Cybersecurity & Infrastructure Security Agency (CISA) kicked off Cybersecurity Awareness Month with a bang yesterday, with its latest binding operational directive that requires federal agencies to account for a complete inventory of assets and vulnerabilities. In past CISA coverage, we recommended that organizations doing business with the federal government, looking to maintain good cyber […]
Blog
Cyber Grant Program Is Welcome News For Small Governments
Local governments have become frequent targets of cyber attacks, and funding and planning for preventing more attacks have been left largely to the local level. A new initiative is changing that.
Blog
Apple’s BIMI Support = Time To Get Serious About DMARC Enforcement
Learn how Apple's latest announcement will make inboxes safer and what's required to reach DMARC enforcement.
Blog
It’s Not You, It’s Them: Build A Resilient Cybersecurity Career
Preparing for the worst means putting loyalty aside to build a plan with your goals and growth at the center. Learn how to get started.
Blog
DuckDuckGo’s Email Protection: Another Strike Against The Surveillance Economy
Fresh off a yearlong beta test, DuckDuckGo moved its email protection service into an open beta. The service works across iOS and Android; browser extensions for Edge, Chrome, Firefox, and Brave; and DuckDuckGo for Mac. The service blocks trackers in emails, reducing the amount and type of data emails can send to third parties (like […]
Blog
The Do’s And Don’ts Of Cybersecurity Interview Question Design
To hire successful candidates, you need to learn about more than just their tech skills. These tips can help you know what to look for — and what pitfalls to avoid.
Blog
Step Up Your Governance Game With Our Information Security Steering Committee Charter Template
We’ve said it many times: Security matters, and security leaders have more influence and access to boards and senior executives than ever. Thanks to external forces like ransomware attacks, evolving security and privacy legislation, and existential loss of cyber insurance dread, they get it at the top. But that doesn’t always translate into engagement or […]
Blog
Who’s Responsible For Cyber Insurance Policy Misrepresentations? It Depends.
On July 6, 2022, the Travelers Property Casualty Company of America (Travelers Insurance) filed a suit in an Illinois federal court against International Control Services, Inc. (ICS) asking for policy rescission and declaratory judgment against ICS. Travelers alleges that ICS misrepresented its use of multifactor authentication (MFA) on its policy application, which should be sufficient […]
Blog
The Reaper Comes For Cyber Unicorns
While the economic downturn is in its early stages, it looks as though the hypergrowth phase of the cybersecurity vendor party has reached an abrupt end.