Joseph Blankenship
VP, Research Director

Author Insights
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog
’Tis The Season To Highlight Our Favorite 2022 S&R Research
It’s December, the year is almost over, and most of us will be taking the next week off, so what better way to wrap up 2022 than with a review of some of our favorite security and risk (S&R) reports from this year? I teamed up with Senior Research Associate Alexis Tatro to highlight her […]
Blog
Apply Critical Thinking And Culture To Reduce Insider Risk
Learn how to reduce the three most common types of insider threats in this Security & Risk event preview.
Blog
Practice Empathy To Reduce Insider Risk
Companies announcing layoffs need to pay attention to insider risk. Showing compassion and communicating openly can help.
Blog
Freeze Out Hackers During The 2022 Winter Olympics
For security leaders, Olympics-related security attacks are a reason to remind your users about potential threats and the latest security procedures.
Blog
We Don’t Need Another Hero, But We Could Use Some CAPES
It’s safe to say, with phishing appearing perennially at the top of the attack vector list and business email compromise (BEC) causing $1.8 billion in losses to US businesses in 2020 alone, that email security is going to have a “what’s old is new again” moment as we move into 2022. While email security technology has been […]
Blog
Using Our Tools Against Us: Adversaries Continue To Abuse Trust In The Supply Chain
Attackers continue to abuse trust in unique and creative ways. Have you talked with your partners about security yet? Get three tips on how to do that effectively.
Blog
Zero Trust Doesn’t Mean Zero Breaches
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Blog
Revenge Of The SaaS: Mandiant Uses Services To Escape FireEye
Revenge Of The SaaS: Mandiant Dumps FEYE In a cybersecurity divorce that had fewer leading indicators than the dissolution of Kim and Kanye, Mandiant has finally untangled itself from FireEye (FEYE) by selling the product portion of the firm to Symphony Technology Group (STG) for $1.2 billion. FireEye’s history as the most “almost acquired vendor” […]
Blog
Trusted Third-Party Phish Is The Catch Of The Day
We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]
Blog
The One Where The Car Inspection Expired Due To Malware
We kept our research associate Alexis pretty busy during the first three months of the year, and she procrastinated getting her annual car inspection in Massachusetts done. When she showed up to get her car inspected early last week (the day before her inspection sticker expired), the service center couldn’t do the inspection. She was […]
Blog
National Poetry Month And The Case For Whimsy In Security & Risk
We all need a bit of whimsy in our lives. This is not just an excuse for a whimsical blog post, though there is that. Whimsy and laughter build bridges. And in the security world, where empathy is a critical resource, whimsy can be a first and recurring step in connecting with the teams outside […]
Blog
Mean Time Before CEO Scapegoats
A few months before I joined Forrester in 2015, I found a blog that introduced a new incident response (IR) metric written by @rickhholland: “Introducing A New Incident Response Metric: Mean Time Before CEO Apologizes (MTBCA).” Rick introduced this — not exactly tongue-in-cheek metric for IR – because the playbook was so familiar. Get breached, […]
Blog
Cybersecurity Lessons Learned From Snowmageddon
Social media reminded us that seven years ago, a mere two inches of snow in the middle of the day shut down Atlanta, our beloved city. It’s now affectionally referred to as Snowmageddon or Snowpocalypse. We both worked at competing security vendors then — Brian in the office at the Secureworks HQ in Sandy Springs (just […]
Blog
Microsoft Is Now A Cybersecurity Behemoth
Microsoft has achieved its goal of being a mega-security vendor. For Microsoft competitors — which is almost every vendor — this also makes the company an existential threat.
Blog
Rotten Phish Spoils Employee Experience
When our colleagues Claire O’Malley and Brian Kime wrote their “Point/Counterpoint: The Ethics Of COVID-19 Phishing” blog in March, it turns out they were inadvertently predicting an event that took place this week: An employee took to social media to speak out about a highly insensitive phishing simulation. Tribune Publishing Company, publisher of newspapers like […]
Blog
National Insider Threat Awareness Month: Stop Insiders With Zero Trust
The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task force (NITTF) partnered with US government agencies to kick off the second National Insider Threat Awareness Month this September. National Insider Threat Awareness Month was started in September 2019 with the goal to educate federal and industry employees about the risks posed […]
Blog
FORRward: A Weekly Read For Tech And Marketing Execs
Amazon Launches Halo, Its First Wearable Health Device For The Average (Budget-Conscious) Consumer This week, Amazon launched Halo, a screenless wearable device that can monitor activity, sleep, temperature, BMI, and emotion. At $99.99 (plus a small monthly service fee for advanced features), the Halo Band sits closer to Fitbit’s fitness trackers (ranging from $99.95–$169.95) than the Apple Watch ($400-plus). It focuses on what consumers want most: tracking fitness-related activity, […]
Blog
The Security Snapshot: Improving Your Security Posture During A Global Crisis
The COVID-19 global pandemic was top of mind for security leaders (and everyone else) during the second quarter of 2020. Forrester’s security and risk (S&R) team focused on pandemic recovery and looked at myriad ways to renew your security program and give it new life — from the development of talent and the future of […]
Blog
FORRward: A Weekly Read For Tech And Marketing Execs
How Poor Pandemic Management Destroys A Brand As the rest of the UK started emerging from lockdown, the city of Leicester saw local restrictions reimposed due to a second wave of infections. Leicester’s garment factories, many of which are suppliers to UK-based online fashion retailer boohoo, were identified as the most likely cause of the new outbreak. An investigation into employee conditions found that factory workers were forced to work without any social […]
More posts