Sandy Carielli

Principal Analyst

Blog

As Bad Bots Level Up, Use Bot Management To Stay One Step Ahead

Sandy Carielli 2 days ago
In my new report, Now Tech: Bot Management, Q4 2021, I discuss the ongoing scourge of bad bots and define the vendor landscape for bot management solutions. I chatted with my research associate, Isabelle Raposo, about this report over the course of the research process. This is the first time we’ve worked on a report […]
Blog

Retailers: Stop The Bots From Further Wreaking Havoc With Your Supply Chain

Sandy Carielli November 8, 2021
Retailers, the time is now to manage supply chain risks, raise bot defenses, and prioritize customers this holiday season.
Blog

Forrester’s Security & Risk 2021 Preview: Secure What You Sell Goes Mainstream

Sandy Carielli November 4, 2021
Before I joined Forrester, my colleagues Jeff Pollard and Amy DeMartine initiated our product security research, leading to our first report on the topic, Secure What You Sell: CISOs Must Tackle Product Security To Protect Customers. In those bygone days of 2018 and 2019, we identified that: Forrester was the first to market with this […]
Blog

Put These Talks On Your S&R Forum Watchlist

Allie Mellen November 3, 2021
Next week, the Forrester security and risk (S&R) team will host the Forrester Security & Risk Forum on November 9 and 10. This will be the first time I have ever attended a Forrester event, let alone the Forrester Security & Risk Forum. And while I’m disappointed it isn’t in person this year, I’m also thrilled with […]
Video

Predictions 2022: Continued Uncertainty Forces Attention On Securing Relationships

Jeff Pollard October 28, 2021
Blog

When Systemic Risks Collide: Why Supply Chain Issues Are The New Normal

Alla Valente October 26, 2021
Before March of 2020, “supply chain issues” was a term we’d hear after a natural disaster or labor strike — that all ended the moment we ran out of toilet paper. Unquestionably, the supply chain crisis has been a secondary theme of the pandemic, one that continues to escalate. For the 15 months since the […]
Blog

CISOs And The Next Era Of Security Visibility: Observability

Jeff Pollard October 18, 2021
For security leaders and practitioners, it seems like developers and IT teams get all the cool toys, and security pros get stuck with the hand-me-downs. Dev was first to cloud, IT followed, and security warily joined in. IT had patch management while security just scanned to see if the patches weren’t there; and security orchestration, […]
Blog

The Application Security Market Will Grow To $12.9 Billion By 2025

Sandy Carielli September 23, 2021
Application security budgets are on the rise. Find out which sectors of the market will see the most dramatic investment and why.
Blog

Our Take On The Microsoft Power Apps Portals Data Leak

John Bratincevic September 1, 2021
In light of the recent Power Apps portals data leak, learn three key points about the security of low-code platforms.
Blog

European Security Leaders Must Invest In AppSec To Catch Up With Their Peers Across The Globe

Sandy Carielli August 31, 2021
Like the rest of the world, European firms have been forced to pivot to digital experiences in the last year, even, as in the case of Italian luxury goods businesses, when digital went against long-standing cultural norms. As their firms pivot, European security leaders would do well to remember that vulnerable web applications are a […]
Blog

SCA Vendors Are Leading The Way On Diversity, Equity, And Inclusion

Sandy Carielli August 31, 2021
It’s no secret that the security industry has a DEI problem. Yes, I just linked to six different articles or social media posts supporting that point, and I’ve barely scratched the surface. My colleagues, Jinan Budge, Jess Burn, Allie Mellen, and Alla Valente, authored a blog about gender bias in the security industry last month, […]
Blog

Software Composition Analysis Is A Core Tool To Protect Your Software Supply Chain

Sandy Carielli August 18, 2021
Over the past year, breaches such as SolarWinds and Kaseya have woken us up to the realities of software supply chain risk. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of existing vulnerabilities in open source components, attackers are leveraging gaps in supply chain controls to […]
Blog

Debunking Infosec Purity And Other Security Myths In The Wake Of Recent Attacks

Sandy Carielli May 21, 2021
Earlier this week, an op-ed published on The Hill sent information security (infosec) Twitter into a tizzy by blaming cybersecurity industry best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed furthered a number of security myths that we felt compelled to bust here. Myth #1: The Best Infosec Pros […]
Blog

Biden Executive Order Bets Big On Zero Trust For The Future Of US Cybersecurity

Jeff Pollard May 13, 2021
Forrester’s security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.
Blog

It’s Time For E-Commerce And Security Pros To Collaborate To Combat Bot Fraud

Sandy Carielli May 6, 2021
Bots are bigger than the security team. Conversations with security professionals concerned about bots often start with credential stuffing attacks, but the bot landscape is much broader and can directly impact your top line. Even the defenses have business impacts: A bot management solution that slows down traffic on the biggest shopping day of the […]
Blog

Google V. Oracle: Sanity Prevails At The Supreme Court

David Mooter April 6, 2021
Yesterday, the United States Supreme Court ruled that Google’s usage of Java APIs was legal, and the US IT industry breathed a sigh of relief. At issue was Google writing its own implementation of the Java language, which happened to use the same APIs as Oracle’s Java SE. The Supreme Court’s Decision What exactly did […]
Blog

National Poetry Month And The Case For Whimsy In Security & Risk

Sandy Carielli April 5, 2021
We all need a bit of whimsy in our lives. This is not just an excuse for a whimsical blog post, though there is that. Whimsy and laughter build bridges. And in the security world, where empathy is a critical resource, whimsy can be a first and recurring step in connecting with the teams outside […]
Blog

Make Application Security A Top Priority

Sandy Carielli March 23, 2021
When we launched the most recent Forrester Analytics Business Technographics® Security Survey, it was summer of 2020. We’d been in quarantine for about three months, and firms had long since realized that they needed to digitally transform their businesses (and fast) in order to survive the new normal. That meant a lot of application development, as […]
Blog

Just In Time, The SAST Market Has Embraced The Developer

Sandy Carielli January 11, 2021
The classical challenge with static application security testing (SAST) was bridging the gap between security and development. In SAST’s early days, it was a tool for security pros, who threw the results of prerelease scans over the wall to developers to fix. Developers had to contend with large numbers of unclear findings and false positives, […]
Blog

It’s Likely You Already Have Low-Code Developers — Get Them Into Your Security Neighborhood

Sandy Carielli January 4, 2021
Security pros should work to integrate security into the developer experience to ensure customer-facing applications are secure. Consider these three points to get started.