Maybe it’s the amazing talks coming up today and tomorrow at the Forrester Security & Risk (S&R) Forum or maybe I’ve watched “The Little Mermaid” with the family one time too many — either way, I was inspired to write a little ditty about the forum, sung to the tune of “Part of Your World.” Here it goes: 

“Look at these talks. Aren’t they neat? Is your security strategy really complete? Wouldn’t you think you’re the CISO, the CISO that has everything?

You’ve got buzzword bingo and perimeter security aplenty. You’ve got processes and technical debt galore. You want more security tools? Maybe even 20! But who cares? No big deal, the board wants more!

You want to be where the modern security strategies are. You wanna see, wanna see Zero Trust implemented! Implementing based on those, what do you call ’em? Oh, reference architectures!

Navigating politics, you don’t get too far. Guidance is required for implementing and executing. As you implement, you measure, what’s that word again? METRICS!

Up where you protect, where the adversaries run. Where lateral movement is used by attackers for fun. Wanderin’ free, CISOs wish they could be. Applying Zero Truuuuusssst.”

Don’t Have Zero Trust In The S&R Forum

If you haven’t heard (and I hadn’t prior to joining Forrester this year), the Forrester Security & Risk Forum is taking place on November 9 and 10 with some of the best-kept, hidden secrets to help you implement a multitude of very practical security models, practices, and other critical pieces you and your team need to defend your organization. Since joining the S&R team at the beginning of this year with some of my amazing colleagues (shout-out to Allie and Jess!), I’ve learned that organizations need extremely prescriptive advice and guidance on how to defend against both the basic and advanced attacks out there (here’s looking at you, ransomware).

I’ve also learned that beyond security tools and processes, the human element is something that almost every organization is struggling with. Organizations are trying to figure out how to retain talent and build an extremely inclusive security culture, which was something that I continuously strived to build when I was a practitioner. What you’ll be excited to know is that this year’s forum will arm you with the best ways to protect your organization using modern security models and help you pursue a culture that enables transparency and allows everyone to bring their true selves to work.

Some awesome talks to look out for are:

Zero Trust Edge: Networking, Security – 11/9 – 2:25 p.m. EST 

David Holmes and Andre Kindness combine their deep experience in networking security infrastructure for this session on Zero Trust edge (ZTE). They leaned in hard to deliver research that includes architectures to help organizations transform their environments to match Zero Trust principles. Even if you’re already on your Zero Trust journey, this talk is a must-see to understand where the convergence of security and networking makes sense and what you should consider as you transform your security architecture.

To Err Is Human; To Forgive Builds Trust – 11/9 – 3:30 p.m. EST 

Jinan Budge’s security culture research is hands down the best in the industry. That’s why you’d be remiss if you didn’t attend her talk covering why punishing employees isn’t the path to building a meaningful security culture. She bakes in anecdotes and practical tips and will help you navigate toward the path of security culture success.

Set The SOC Free: Upending The Security Operations Model For A New Era – 11/10 – 12:00 p.m. EST

Allie has set the information security world on fire with her extremely bold calls on what things like extended detection and response (XDR) are, grounded in the operational reality organizations are actually living. That’s why her keynote on what the future of the security operations center looks like should be on your schedule. Her research will inform what the future of your security operations program looks like for the better.

Succession Planning Is A Business Resilience Imperative – 11/10 – 2:50 p.m. EST 

Having a talent pipeline is something that I’ve traditionally seen left until the last minute when organizations are struggling to replace existing talent. Jess has an extensive background in understanding and researching issues that keep security leaders up at night. Use Jess’s talk to understand the importance of succession planning and how it leads to better employee happiness, among numerous other critical things.

There Is No Try: Implement Zero Trust, You Must – 11/9 – 1:35 p.m. EST 

Prepare for some new viewpoints as well as revealing new research on how Zero Trust has moved from a concept to a reality. In this talk, I ask questions like, “What side of the Force is your team or your existing security strategy channeling?” I also talk about how Zero Trust is the weapon your organization should be wielding to defeat the adversaries channeling the dark side. There’s also a side of what your new operational reality looks like after adopting a Zero Trust architecture.

This Is The Way 

This is a bite-size chunk of the larger content cookie that we have in store for you. I can promise you: This isn’t a trap! Don’t miss out on us revealing some critical research that you’ll be able to immediately apply to make your team look like they’re channeling the right side of the Force.


Also, don’t miss out on the opportunity to set up one-on-one meetings or chat with a group of your peers about problems security leaders are currently dealing with. If you’ve decided to be one with the Force, head to the Forrester Security & Risk Forum page to learn more.