Joseph Blankenship

VP, Research Director

Author Insights


Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.

’Tis The Season To Highlight Our Favorite 2022 S&R Research

Joseph Blankenship December 19, 2022
It’s December, the year is almost over, and most of us will be taking the next week off, so what better way to wrap up 2022 than with a review of some of our favorite security and risk (S&R) reports from this year? I teamed up with Senior Research Associate Alexis Tatro to highlight her […]

Apply Critical Thinking And Culture To Reduce Insider Risk

Joseph Blankenship September 27, 2022
Learn how to reduce the three most common types of insider threats in this Security & Risk event preview.

Practice Empathy To Reduce Insider Risk

Joseph Blankenship June 15, 2022
Companies announcing layoffs need to pay attention to insider risk. Showing compassion and communicating openly can help.

Freeze Out Hackers During The 2022 Winter Olympics

Joseph Blankenship February 3, 2022
For security leaders, Olympics-related security attacks are a reason to remind your users about potential threats and the latest security procedures.

We Don’t Need Another Hero, But We Could Use Some CAPES

Jess Burn November 18, 2021
It’s safe to say, with phishing appearing perennially at the top of the attack vector list and business email compromise (BEC) causing $1.8 billion in losses to US businesses in 2020 alone, that email security is going to have a “what’s old is new again” moment as we move into 2022. While email security technology has been […]

Using Our Tools Against Us: Adversaries Continue To Abuse Trust In The Supply Chain

Steve Turner July 13, 2021
Attackers continue to abuse trust in unique and creative ways. Have you talked with your partners about security yet? Get three tips on how to do that effectively.

Zero Trust Doesn’t Mean Zero Breaches

David Holmes June 29, 2021
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]

Revenge Of The SaaS: Mandiant Uses Services To Escape FireEye

Jeff Pollard June 3, 2021
Revenge Of The SaaS: Mandiant Dumps FEYE In a cybersecurity divorce that had fewer leading indicators than the dissolution of Kim and Kanye, Mandiant has finally untangled itself from FireEye (FEYE) by selling the product portion of the firm to Symphony Technology Group (STG) for $1.2 billion. FireEye’s history as the most “almost acquired vendor” […]

Trusted Third-Party Phish Is The Catch Of The Day

Joseph Blankenship June 2, 2021
We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]

The One Where The Car Inspection Expired Due To Malware

Joseph Blankenship April 6, 2021
We kept our research associate Alexis pretty busy during the first three months of the year, and she procrastinated getting her annual car inspection in Massachusetts done. When she showed up to get her car inspected early last week (the day before her inspection sticker expired), the service center couldn’t do the inspection. She was […]

National Poetry Month And The Case For Whimsy In Security & Risk

Sandy Carielli April 5, 2021
We all need a bit of whimsy in our lives. This is not just an excuse for a whimsical blog post, though there is that. Whimsy and laughter build bridges. And in the security world, where empathy is a critical resource, whimsy can be a first and recurring step in connecting with the teams outside […]

Mean Time Before CEO Scapegoats

Jeff Pollard March 1, 2021
A few months before I joined Forrester in 2015, I found a blog that introduced a new incident response (IR) metric written by @rickhholland: “Introducing A New Incident Response Metric: Mean Time Before CEO Apologizes (MTBCA).” Rick introduced this — not exactly tongue-in-cheek metric for IR – because the playbook was so familiar. Get breached, […]

Cybersecurity Lessons Learned From Snowmageddon

Brian Kime January 28, 2021
Social media reminded us that seven years ago, a mere two inches of snow in the middle of the day shut down Atlanta, our beloved city. It’s now affectionally referred to as Snowmageddon or Snowpocalypse. We both worked at competing security vendors then — Brian in the office at the Secureworks HQ in Sandy Springs (just […]

Microsoft Is Now A Cybersecurity Behemoth

Jeff Pollard January 27, 2021
Microsoft has achieved its goal of being a mega-security vendor. For Microsoft competitors — which is almost every vendor — this also makes the company an existential threat.

Rotten Phish Spoils Employee Experience

Jinan Budge September 24, 2020
When our colleagues Claire O’Malley and Brian Kime wrote their “Point/Counterpoint: The Ethics Of COVID-19 Phishing” blog in March, it turns out they were inadvertently predicting an event that took place this week: An employee took to social media to speak out about a highly insensitive phishing simulation. Tribune Publishing Company, publisher of newspapers like […]

National Insider Threat Awareness Month: Stop Insiders With Zero Trust

Joseph Blankenship September 3, 2020
The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task force (NITTF) partnered with US government agencies to kick off the second National Insider Threat Awareness Month this September. National Insider Threat Awareness Month was started in September 2019 with the goal to educate federal and industry employees about the risks posed […]

FORRward: A Weekly Read For Tech And Marketing Execs

Emily Collins September 1, 2020
Amazon Launches Halo, Its First Wearable Health Device For The Average (Budget-Conscious) Consumer This week, Amazon launched Halo, a screenless wearable device that can monitor activity, sleep, temperature, BMI, and emotion. At $99.99 (plus a small monthly service fee for advanced features), the Halo Band sits closer to Fitbit’s fitness trackers (ranging from $99.95–$169.95) than the Apple Watch ($400-plus). It focuses on what consumers want most: tracking fitness-related activity, […]

The Security Snapshot: Improving Your Security Posture During A Global Crisis

Joseph Blankenship August 24, 2020
The COVID-19 global pandemic was top of mind for security leaders (and everyone else) during the second quarter of 2020. Forrester’s security and risk (S&R) team focused on pandemic recovery and looked at myriad ways to renew your security program and give it new life — from the development of talent and the future of […]

FORRward: A Weekly Read For Tech And Marketing Execs

Emily Collins July 13, 2020
How Poor Pandemic Management Destroys A Brand As the rest of the UK started emerging from lockdown, the city of Leicester saw local restrictions reimposed due to a second wave of infections. Leicester’s garment factories, many of which are suppliers to UK-based online fashion retailer boohoo, were identified as the most likely cause of the new outbreak. An investigation into employee conditions found that factory workers were forced to work without any social […]
More posts