It’s been a couple of months since my last blog post! A huge vacation in the UK, backed up by RSA Conference in Singapore, our Financial Services Summit back in Sydney, and then off again to the north for our Security & Risk Forum in DC have left me no chance to reflect. Between those events, I’ve run strategy days, delivered webinars and keynotes, and fielded dozens of inquiries. Oh, and I’ve also just submitted the draft for my second Asia Pacific (AP) Forrester Wave™ evaluation — four months in the making!

As I write this, I remember to pinch myself for the privilege of it all. And I want to talk about what all of this means for you! All this touring and speaking means that I also get to do a lot of listening. My engagements with vendor clients, audiences, CISOs, and our own mighty team members inspire me to no end. My brain is constantly exploding with ideas.

Some of these ideas eventually get translated into research — which brings me to my research agenda for the next three months. What can you expect to see? At last count, I will be writing or contributing to no fewer than 15 reports on a broad variety of topics:

  • A road map to Zero Trust and selling it internally. Even though everyone’s talking about Zero Trust these days, some CISOs are having difficulty understanding what it means in practical terms and how to implement it. I’m collaborating with Chase Cunningham on pragmatic issues relating to Zero Trust, such as how to create a Zero Trust road map and how to sell it internally.
  • The evolution of security awareness, behavior, and culture. Claire O’Malley and I never seem short of ideas in this space. We will shortly be releasing a CISO’s guide to creating a network of security champions, which includes building a positive culture within security teams. I’m collaborating with my colleague Heidi Shey on this research. Claire and I are also about to kick off our Wave evaluation of security awareness and training programs.
  • A CISO’s guide to working with startups. My colleague Paul McKay dragged me kicking and screaming into this research, as it was unfamiliar territory to me. But boy, am I glad he did. I spoke with a multitude of venture capital firms, startup CEOs, and CISOs in AP. I look forward to sharing this with all of you.
  • Security consulting in AP. I’ve been knee-deep in this Wave since July, and it’s almost ready to go. I’m so pleased to see how this space has evolved since I was last a consultant. Look out also for the Now Tech (the vendor landscape of this market), which is being led by my senior research associate Seles Sebastin.
  • Cybersecurity predictions for 2020. This is definitely one of my favorites among our annual research publications. I love it because I get to listen to and learn from my brilliant global colleagues’ ideas. They always completely challenge and stretch me, and they do this in predictions more than any other research because I get to listen to them being at their creative and forward-thinking best.
  • CISO leadership and strategy. I will be collaborating with Jeff Pollard and others on an update of our superstar CISO report that fleshes out the evolving nature of the CISO role and the different CISO personas we’re seeing. I’m also in the middle of finalizing a report on how CISOs lead change within the organization. Throughout my career, I’ve learned that change management can make or break a security program. This research addresses the issues of managing stakeholders and politics.

If you’d like to contribute to any of the above, please talk to me! I get so much inspiration from speaking to you.