The 25-plus years of my career so far can be divided into two acts. Act I was enterprise IT, beginning with desktop support and progressing to network and security architecture at organizations ranging from small business to the Global 10. Act II opened with a move into technical alliance and ecosystem roles at security vendors and closed with roles in product and technical marketing. The throughline of both acts has been clarifying problems, thinking about the combination of technologies that provide solutions to those problems, and articulating the rationale behind and value of those decisions.

I expect that throughline to continue in Act III, now that I have joined Forrester as an analyst on the security and risk (S&R) team, focusing on Zero Trust and microsegmentation.

What Brought Me To Forrester

The cybersecurity field is more important than it has ever been because so much of what happens in the real world depends on or is influenced by what happens in the digital one. Helping to develop and implement strategy generally — realistic and practical security strategies, in particular — has always been important to me.

One of the many enduring lessons from my time at a large automotive manufacturer is that the right process produces the right result. Forrester’s focus on rigorous, actionable research offers a great opportunity to stitch both these things together in my day-to-day work in a way that will hopefully have a positive impact for Forrester clients, as well as their customers and partners.

Finding this role was both fortuitous and circuitous. The first step on my Forrester journey actually started five years ago when I applied for a different role on the S&R team and made it through a big chunk of the recruiting process but ultimately decided to zig instead of zag and took a role with a security startup. I stayed in touch with some of the amazing people I met during the first go-around, however, and was fortunate that the stars aligned when this role was announced.

How I Think About Zero Trust

I started thinking about the principles of Zero Trust around 2016, well after Forrester coined the term but before it truly became part of the zeitgeist. At the time, I was focused heavily on devices, apps, and flows as authentication and authorization subjects — especially in mixed-ownership settings. As my thinking evolved, I considered Zero Trust to be primarily a systems integration problem. Even though definitions have been revised, the applicable scope has grown, and standards have emerged, I largely still think of it that way.

While it’s easy to be cynical about Zero Trust because of its overuse in marketing — rather than as a philosophy or an “architectural school”— I believe both that it represents one of the most potentially beneficial approaches to protecting digital infrastructure and that it is actually within reach for most organizations.

With that said, implementing, extending, and refining Zero Trust remains challenging or controversial for many organizations. Even so, I’d venture to guess that every S&R pro — even those with the most Zero Trust skepticism — knows in their bones that the consistent application of the core principles of default-deny, least-privilege access, and comprehensive monitoring would markedly improve their organizations’ security posture and resilience. The principles themselves are simple, but as the author Scott Berkun says, “Simple does not mean easy.” The example he uses to illustrate the point is that running a marathon is simple: You just run 26.2 miles — but even the most well-trained athletes wouldn’t describe the preparation or the event itself as “easy.” It’s the same with Zero Trust. Just like running a marathon, the right combination of planning and focus makes it possible.

What’s Next

I’m excited to leverage and expand the existing body of Forrester research to help our clients. Whether they’re taking the first steps on their journeys, restarting stalled initiatives, or improving their overall maturity, I’m looking forward to helping clients tackle the marathon that is Zero Trust.

Forrester clients, please feel free to schedule a guidance or inquiry session to further explore my research topics and coverage areas.