Steve Turner

Time and time again, we’ve heard these two burning questions from so many organizations: “How do we protect ourselves against ransomware?” and “Where do we start?” We’ve all seen the ransomware “research” landscape — littered with top-10 lists, vendor cure-alls (spoiler: don’t depend on one security tool to completely eradicate ransomware), and so many other […]

Maybe it’s the amazing talks coming up today and tomorrow at the Forrester Security & Risk (S&R) Forum or maybe I’ve watched “The Little Mermaid” with the family one time too many — either way, I was inspired to write a little ditty about the forum, sung to the tune of “Part of Your World.” […]

Next week, the Forrester security and risk (S&R) team will host the Forrester Security & Risk Forum on November 9 and 10. This will be the first time I have ever attended a Forrester event, let alone the Forrester Security & Risk Forum. And while I’m disappointed it isn’t in person this year, I’m also thrilled with […]

As I’ve talked to numerous organizations about their Zero Trust journeys, one thing has stood out quite clearly: Security teams are struggling to understand what’s happening on their networks. While Zero Trust demands that you design your security architecture to protect everything in your organization as if it’s connected directly to the internet, the reality […]

As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]

Attackers continue to abuse trust in unique and creative ways. Have you talked with your partners about security yet? Get three tips on how to do that effectively.

With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]

We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]

Forrester's security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.

There are two people in a wood, and they run into a bear. The first person gets down on his knees to pray; the second person starts lacing up his boots. The first person asks the second person, “My dear friend, what are you doing? You can’t outrun a bear.” To which the second person […]

There’s no shortage of obstacles holding back folks from finding meaningful employment in the cybersecurity sector. Some of these obstacles are imposed by human resources policies and the software used to automatically scan through resumes in a game of electronic buzzword bingo, one of the most insidious of these being the requirement of a college […]

We kept our research associate Alexis pretty busy during the first three months of the year, and she procrastinated getting her annual car inspection in Massachusetts done. When she showed up to get her car inspected early last week (the day before her inspection sticker expired), the service center couldn’t do the inspection. She was […]

We all need a bit of whimsy in our lives. This is not just an excuse for a whimsical blog post, though there is that. Whimsy and laughter build bridges. And in the security world, where empathy is a critical resource, whimsy can be a first and recurring step in connecting with the teams outside […]

One of the top challenges and misunderstandings that I continue to see here at Forrester is about what the definition of Zero Trust actually is. Zero Trust is not one product or platform; it’s a security framework built around the concept of “never trust, always verify” and “assuming breach.” Attempting to buy Zero Trust as […]

Hello, everyone! This January, I joined Forrester as an analyst on the security and risk team. I’ll be covering topics such as network analysis and visibility, Zero Trust architecture, and the Zero Trust eXtended ecosystem. I am extremely excited to join the team and make Zero Trust more accessible for organizations to understand and implement. […]