Joseph Blankenship
VP, Research Director

Author Insights
Blog
Splunk Is Good For Cisco, But Cisco Needs To Convince Splunk Customers That Cisco Is Good For Them
Find out what Cisco's $28 billion planned acquisition of Splunk could mean for both observability and security.
Blog
Don’t Be A Passive Bystander — Take An Active Approach To Insider Risk
One of Forrester’s best practices for managing insider risk is to turn your employees into advocates for the program. Get five tips for how to do that in this preview of our upcoming Security & Risk event in November.
Blog
Prevent Data Turnovers With Insider Risk Management
Learn some valuable lessons about insider risk management from the New York Knicks and the Toronto Raptors. Really.
Blog
2003 Called, And It Doesn’t Want Its Email Security Appliances Back
Email security appliances have come a long way in the past 20 years. Learn the benefits of cloud-delivered email security.
Blog
Black Hat USA 2023: Insights From Our Short Vegas Residency
Black Hat USA 2023: Insights From Our Short Vegas Residency Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]
Blog
Nominate Your Organization For Forrester’s Security & Risk Enterprise Leadership Award
In June, Forrester announced our inaugural Security & Risk Enterprise Leadership Award. Today, we’re extending the deadline for submissions to September 12 to give applicants time to finish their much-needed summer vacations and complete the application process. The Security & Risk Enterprise Leadership Award will recognize organizations — and their leaders — that have transformed the […]
Blog
The Busy Security Leader’s Guide To The National Cybersecurity Strategy Implementation Plan
Security and risk leaders beware, the Biden Administration released the next major step in its plan to implement the National Cybersecurity Strategy (NCS) on July 13, 2023. The National Cybersecurity Strategy Implementation Plan (NCSIP) includes 65 federal initiatives across five pillars aimed at increasing cybersecurity investment, assigning federal agencies to specific initiatives, and giving timelines […]
Blog
Announcing Forrester’s Security & Risk Enterprise Leadership Award
Forrester is thrilled to announce its inaugural Security & Risk Enterprise Leadership Award, which will recognize security organizations that have transformed the security, privacy, and risk management functions to fuel long-term success. Learn how to apply here.
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog
’Tis The Season To Highlight Our Favorite 2022 S&R Research
It’s December, the year is almost over, and most of us will be taking the next week off, so what better way to wrap up 2022 than with a review of some of our favorite security and risk (S&R) reports from this year? I teamed up with Senior Research Associate Alexis Tatro to highlight her […]
Blog
Apply Critical Thinking And Culture To Reduce Insider Risk
Learn how to reduce the three most common types of insider threats in this Security & Risk event preview.
Blog
Practice Empathy To Reduce Insider Risk
Companies announcing layoffs need to pay attention to insider risk. Showing compassion and communicating openly can help.
Blog
Freeze Out Hackers During The 2022 Winter Olympics
For security leaders, Olympics-related security attacks are a reason to remind your users about potential threats and the latest security procedures.
Blog
We Don’t Need Another Hero, But We Could Use Some CAPES
It’s safe to say, with phishing appearing perennially at the top of the attack vector list and business email compromise (BEC) causing $1.8 billion in losses to US businesses in 2020 alone, that email security is going to have a “what’s old is new again” moment as we move into 2022. While email security technology has been […]
Blog
Using Our Tools Against Us: Adversaries Continue To Abuse Trust In The Supply Chain
Attackers continue to abuse trust in unique and creative ways. Have you talked with your partners about security yet? Get three tips on how to do that effectively.
Blog
Zero Trust Doesn’t Mean Zero Breaches
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Blog
Revenge Of The SaaS: Mandiant Uses Services To Escape FireEye
Revenge Of The SaaS: Mandiant Dumps FEYE In a cybersecurity divorce that had fewer leading indicators than the dissolution of Kim and Kanye, Mandiant has finally untangled itself from FireEye (FEYE) by selling the product portion of the firm to Symphony Technology Group (STG) for $1.2 billion. FireEye’s history as the most “almost acquired vendor” […]
Blog
Trusted Third-Party Phish Is The Catch Of The Day
We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]
Blog
The One Where The Car Inspection Expired Due To Malware
We kept our research associate Alexis pretty busy during the first three months of the year, and she procrastinated getting her annual car inspection in Massachusetts done. When she showed up to get her car inspected early last week (the day before her inspection sticker expired), the service center couldn’t do the inspection. She was […]
Blog
National Poetry Month And The Case For Whimsy In Security & Risk
We all need a bit of whimsy in our lives. This is not just an excuse for a whimsical blog post, though there is that. Whimsy and laughter build bridges. And in the security world, where empathy is a critical resource, whimsy can be a first and recurring step in connecting with the teams outside […]
More posts