Steve Turner


Author Insights


Divide And Conquer: Rapid Response To The Apache Log4j Vulnerability

Allie Mellen December 13, 2021
It’s been … a weekend for security pros. The Apache Log4j vulnerability (CVE-2021-44228) affects somewhere between 0 and 3 billion-plus of the devices currently running Java. Luckily, a metric ton of amazing advice exists on #InfoSecTwitter right now. It’s a lot to consume at once, which is why we‘ve put together three parallel workstreams you […]

Introducing The Ransomware Survival Guide

Steve Turner November 11, 2021
Time and time again, we’ve heard these two burning questions from so many organizations: “How do we protect ourselves against ransomware?” and “Where do we start?” We’ve all seen the ransomware “research” landscape — littered with top-10 lists, vendor cure-alls (spoiler: don’t depend on one security tool to completely eradicate ransomware), and so many other […]

Forrester Security & Risk Forum 2021: Be Part Of Our World

Steve Turner November 9, 2021
Maybe it’s the amazing talks coming up today and tomorrow at the Forrester Security & Risk (S&R) Forum or maybe I’ve watched “The Little Mermaid” with the family one time too many — either way, I was inspired to write a little ditty about the forum, sung to the tune of “Part of Your World.” […]

Put These Talks On Your S&R Forum Watchlist

Allie Mellen November 3, 2021
Next week, the Forrester security and risk (S&R) team will host the Forrester Security & Risk Forum on November 9 and 10. This will be the first time I have ever attended a Forrester event, let alone the Forrester Security & Risk Forum. And while I’m disappointed it isn’t in person this year, I’m also thrilled with […]

Stop Dumping Your Budget Dollars Down The Drain For Network Visibility

Steve Turner October 20, 2021
As I’ve talked to numerous organizations about their Zero Trust journeys, one thing has stood out quite clearly: Security teams are struggling to understand what’s happening on their networks. While Zero Trust demands that you design your security architecture to protect everything in your organization as if it’s connected directly to the internet, the reality […]

Halloween Comes Early For Syniverse, FB, And Twitch — What We Can Learn From Their Spooky Outages Plus Breaches

Jeff Pollard October 7, 2021
As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]

Using Our Tools Against Us: Adversaries Continue To Abuse Trust In The Supply Chain

Steve Turner July 13, 2021
Attackers continue to abuse trust in unique and creative ways. Have you talked with your partners about security yet? Get three tips on how to do that effectively.

Forrester’s List Of Ransomware Resources

Jeff Pollard June 24, 2021
With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]

Trusted Third-Party Phish Is The Catch Of The Day

Joseph Blankenship June 2, 2021
We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]

Biden Executive Order Bets Big On Zero Trust For The Future Of US Cybersecurity

Jeff Pollard May 13, 2021
Forrester's security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.

Ransomware: Survive By Outrunning The Guy Next To You

Allie Mellen May 10, 2021
There are two people in a wood, and they run into a bear. The first person gets down on his knees to pray; the second person starts lacing up his boots. The first person asks the second person, “My dear friend, what are you doing? You can’t outrun a bear.” To which the second person […]

Degree Requirements Are Poisoning Your Cybersecurity Talent Pool

Steve Turner April 22, 2021
There’s no shortage of obstacles holding back folks from finding meaningful employment in the cybersecurity sector. Some of these obstacles are imposed by human resources policies and the software used to automatically scan through resumes in a game of electronic buzzword bingo, one of the most insidious of these being the requirement of a college […]

The One Where The Car Inspection Expired Due To Malware

Joseph Blankenship April 6, 2021
We kept our research associate Alexis pretty busy during the first three months of the year, and she procrastinated getting her annual car inspection in Massachusetts done. When she showed up to get her car inspected early last week (the day before her inspection sticker expired), the service center couldn’t do the inspection. She was […]

National Poetry Month And The Case For Whimsy In Security & Risk

Sandy Carielli April 5, 2021
We all need a bit of whimsy in our lives. This is not just an excuse for a whimsical blog post, though there is that. Whimsy and laughter build bridges. And in the security world, where empathy is a critical resource, whimsy can be a first and recurring step in connecting with the teams outside […]

Zero Trust Is Not A Security Solution; It’s A Strategy

Steve Turner February 18, 2021
One of the top challenges and misunderstandings that I continue to see here at Forrester is about what the definition of Zero Trust actually is. Zero Trust is not one product or platform; it’s a security framework built around the concept of “never trust, always verify” and “assuming breach.” Attempting to buy Zero Trust as […]

Meet Steve Turner, Forrester’s New Security Analyst

Steve Turner February 8, 2021
Hello, everyone! This January, I joined Forrester as an analyst on the security and risk team. I’ll be covering topics such as network analysis and visibility, Zero Trust architecture, and the Zero Trust eXtended ecosystem. I am extremely excited to join the team and make Zero Trust more accessible for organizations to understand and implement. […]