Thanks to your lovely congratulatory emails and comments, I was reminded that last week marked my 12-month anniversary with Forrester. Crikey, that went by fast! I wanted to share this slightly indulgent post with you, for reflection but also to summarize the research of the last 12 months (and to seek your input into the next 12 months).

The Last 12 Months: Research, Research, Research!

In 12 months, I have managed to publish 12 reports on all manner of security things that I love, such as:

  • ABC (awareness, behavior, culture). Claire O’Malley and I have now published four reports on this topic, which I’m deeply passionate about: the people side of security.

We began with “Instill A Security Culture By Elevating Communication,” which gave a framework for how to build your ABC program. In “Harden Your Human Firewall,” we aimed to give real-life examples of tactics that organizations have used in their awareness programs. We then noticed that many CISOs were struggling with justifying the ABC of security, so we wrote “The Business Case For Security Awareness And Training.”

Claire had already begun work with our awareness and training vendor community, and we also decided to release the “Now Tech: Security Awareness And Training Solutions, Q1 2019” to help you get a sense of the vendor landscape for awareness solutions. Look out for our upcoming Forrester Wave™ early next year.

We have so much more to go in this space in the next 12 months. I’m thinking that an awareness, behavior, and culture maturity model might be helpful. Your input into what you would like to see is most welcome.

  • Strategy and transformation. Given my background, this is obviously my greatest area of passion. How do you strategically transform security within an organization, get the required buy-in, prioritize all the initiatives, and most importantly, sell it? I launched this research area of focus at Forrester with “Transform Your Cybersecurity Capability” and collaborated with colleagues on updating or creating other strategy-related docs, my favorite being “Top Recommendations For Your Security Program, 2019.”
  • Executive influence and reporting. Writing and helping our clients on “How To Talk To Your Board About Cybersecurity” was a highlight of the last 12 months.
  • Managed security services in APAC — the Wave! Let’s not forget the wave — that was definitely a learning experience.

To deliver much of the above, I have collaborated with many remarkable analysts and advisors.

The Travel And Global Conversations (The Good And The Bad)

According to my travel app, I have probably done more airline miles that I should have. This was equally satisfying and exhausting at the same time. I don’t need to tell you about the exhaustion part — if you’ve ever been on a plane and away from your family for days at a time, you know what I mean. I have had to relearn how to speak in front of large and discerning crowds without totally freaking out and to deliver value to those crowds.

On the upside, I have worked with our clients all over the world in cities such as Singapore, Bangalore, Tokyo, Boston, San Francisco, Sydney, and New Delhi, to name a few. I have had the privilege to present at both huge and intimate global, local, and APAC events. This has included the massive RSA Conference in San Francisco and our own more intimate Forrester Leadership Boards (FLB) CISO member meetings. I’ve learned so much, and there’s nothing like getting a global view on security, in my humble opinion.

Because of the above, we have extended our security research (especially in the services space) to provide a global perspective. With that, we are able to better serve our global clients wishing to do business in APAC, as well as our own APAC clients.

My Learnings

All this travel and research has given me the chance to speak to literally hundreds of CISOs, vendor executives, their teams, and board members around the world. It reminded me of a couple of things that I want to share, as I think it applies to all of us:

  • It takes a village! Initially, I was worried, as I was moving into a role of an individual contributor. This meant that I no longer had a team to which I could delegate my many wild ideas. But I needn’t have worried. At Forrester, I’ve been supported by so many. My senior research associate Seles Sebastin and I work so closely together; she really is an extension of me when it comes to my research. I am part of a brilliant research team in Sydney led by Michael Barnes and a lovely APAC research team in the region led by Dane Anderson. I’m also part of the mighty and highly diverse global security and risk (S&R) team led by Stephanie Balaouras and Laura Koetzle. And I sometimes pretend that I’m part of the S&R FLB team. All these people have provided me with mentoring, support, guidance, and friendship and made significant contributions to my research agenda. They have also contributed to my overall happiness at work. It is so important to find your village and use it and that you become part of a village that supports others.
  • At all times, look after your physical and mental health. The #analystlife has a heavy and relentless schedule. I found it easy at times to lose creativity and be exhausted; I could see how easy it would be to burn out. This happens because we have so many demands placed on us from our clients, colleagues, sales teams and, mostly, ourselves. In my first RSA appearance as an analyst, for example, I was surprised at having 17 meetings a day; that is pretty unique to the analyst gig. So taking holidays, exercising, eating healthy food, yoga, meditation, saying no, vacations, and time with family have all been a huge part of my last 12 months. Some of these are more work in progress than others.
  • “Do what you feel you have a flair for doing, and if you are good enough at it, the money will come.” That quote by Greer Garson is so wise. It is so easy when you’re constantly in the middle of the spotlight to be distracted by what people think, the buzzwords, the ego, and other busy things. It is exactly at these times that I have had to remember my purpose. What do I love, what am I here for, and how can I best serve the community? I am extremely fortunate to be in a role that gives me the freedom to do this. I am so lucky that I am able to combine what I love, what I’m great at, being able to share that with others, and actually get paid for it. It’s one of life’s greatest privileges. I wish that everyone gets to experience this at least once in their lifetimes.

The Next 12 Months

Why am I sharing all of this? I guess, in one sense, I needed to reflect after a huge year. And also, I would love to hear your feedback. Which of my research reports/blogs/speeches have you enjoyed and want me to dig deeper into? Conversely, what should I dump or pick up? May the next 12 months be as amazing as the first.