Sandy Carielli

Principal Analyst

Author Insights

Blog

What To Know: A Retrospective Of 2023’s Top Breaches And Fines

Sandy Carielli February 28, 2024
After a retrospective review of the largest publicly reported breaches and privacy violations in 2023, here's what you need to know for 2024.

High-Performance IT: Security Enters The Chat

Sandy Carielli February 8, 2024
You've heard about high-performance IT. Now learn how the CISO and the security organization fit into this new technology model.

Are Your Bot Management Tools Up To Date For Handling The Holiday Season?

Sandy Carielli October 25, 2023
Learn why you need to meet with your bot management provider now to handle the holiday season.

Your Product Security Approach Must Evolve With Your Organization’s Technology Strategy

Sandy Carielli September 11, 2023
Learn how specific investment choices can support your security organization’s evolution and maturity.

Thales To Acquire Imperva: Building This Dream House Won’t Be Easy

Heidi Shey July 25, 2023
Thales announced its agreement to acquire Imperva from private equity firm Thoma Bravo for $3.6 billion, expecting to add $500 million of revenue and expand its data and application security offerings as a result. The overall cybersecurity portfolio will then be structured across three key areas: identity (Thales), data security (Thales and Imperva), and application […]

To Secure Kubernetes, Think Beyond Kubernetes

Sandy Carielli June 22, 2023
Kubernetes is the de facto standard for deploying and managing application workloads and containers. Lee has written quite a bit about the power of Kubernetes as an innovation platform, but while development and architecture teams are bullish on Kubernetes, security teams can find themselves scrambling to secure Kubernetes environments as they hurtle toward production. The […]

The CNAPP Product Category is Getting Crowded With Capabilities

Andras Cser May 30, 2023
Learn four key reasons why the packaging of cloud-native application protection platforms into a bundle is unnecessary and possibly even misleading.

Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox

Allie Mellen May 2, 2023
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.

Avoid A Bot Waterloo

Sandy Carielli March 16, 2023
I don’t follow the Eurovision Song Contest closely, but I know that ABBA famously won decades ago with “Waterloo” and that a few other contest winners — Celine Dion, Måneskin — have achieved global success afterwards. This year, though, an article about Eurovision got my attention. It seems that tickets to the live Eurovision performances […]

Product Management And Security Collaboration Benefits More Than Product Security

Sandy Carielli March 14, 2023
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.

2022 Breaches And Fines Offer Lessons To Security Leaders

Sandy Carielli February 24, 2023
2022 didn’t let up on the security incidents — according to Forrester’s Security Survey, 2022, 74% of security decision-makers experienced at least one data breach at their firm in the previous 12 months. As we looked at the top breaches and privacy violations of 2022 — and there was activity right up to the end […]

When It Comes To Zero Trust, Nobody Puts Appsec In A Corner

Sandy Carielli February 22, 2023
Zero Trust has seen an increase in adoption over the past few years — Forrester’s Security Survey, 2022, shows that 83% of global large enterprises are reporting that senior leadership has committed their organizations to the adoption of Zero Trust. Aspects of the Zero Trust model continue to be misunderstood, however. The industry is still […]

Great Technology Organizations Have Great Security Organizations

Sandy Carielli February 17, 2023
Forrester has been researching future fit organizations for the past few years, those organizations that have evolved their technology strategy to enable their firm’s customer-obsessed business strategy. Tech organizations fall into three tech strategy buckets: Traditional tech orgs are driven by cost, act as order-takers, and typically follow waterfall methodologies; modern tech orgs evolve to […]

Ringing In The New Year With Minimum Viable Security

Sandy Carielli January 17, 2023
Learn the benefits of implementing a minimum viable security strategy and get some clear next steps on putting it into practice at your organization.

Not So Fast — Mind QR Code Risks, Or Get Ready For Damage Control

Sandy Carielli January 12, 2023
In December 2022, a scammer in California worked up fake parking tickets with QR codes on them, directing citizens to a phishing site collecting payment card information — just one of many such recent QR code-related scams. Though QR code use surged in popularity during the COVID-19 pandemic because of customer desire for touchless interactions, QR-code risk management is not maturing at the same rate as adoption.

DevOps Theme Team: 2022 In Review And Looking Ahead To 2023

Julie Mohr December 12, 2022
Happy holidays from the DevOps theme team! Our merry band of Forrester analysts covering enterprise architecture, infrastructure, application development, application security, and technology strategy meets periodically to share research, debate trends, and dive into breaking news. What are a few of the trends and themes that have caught our attention this year? Let’s dive in […]

Turn Away The Bots, Not Your Customers

Sandy Carielli October 12, 2022
Bot management solutions today offer a wide array of options. To know the right choice for your retail organization, know your customers.

In The Mature WAF Market, Product Offerings Continue To Expand

Sandy Carielli September 27, 2022
At first glance, the web application firewall (WAF) market — populated by long time vendors with robust partner programs, extensive supporting services, and a slew of customer engagement opportunities — may seem like a space that has topped out. However, changes in how organizations develop and deploy applications — more hybrid cloud, more APIs, more […]

To Drive Trust, Minimum Viable Product Needs Minimum Viable Security

Sandy Carielli August 30, 2022
What does minimum viable product planning have to do with security and customer trust? Find out in this preview of our upcoming Security & Risk North America event.