Aggregated enterprise architecture wisdom
Well, it’s happening! My first Forrester report was published this week. (Forrester clients can access here). The topic? Cyber security transformation of course! It’s what I have lived and breathed for the last 3.5 years. I have also engaged peer CISOs…
We recently published our Risk And Compliance Tech Tide report outlining 14 core technologies to track in 2018. One of the challenging parts of this research is setting the right scope. We found risk and compliance technology everywhere, covering every…
I have a good friend that has a small business (roughly 100 employees and 2 office locations, everything lives in the cloud, no real “network” to speak of) that is doing well. A few weeks ago, over barbeque and range time (some folks play golf, we sho…
I am a huge fan of Zero Trust—the simplicity of the concept resonates with clients that read the research authored previously by John Kindervag and more recently myself. The framework’s intrinsic value to security and business processes is readily evid…
The threat model has changed. Data breaches have traditionally required execution of some manner of code on a system to access data and a network connection to exfiltrate the data off the system. This is no longer the case as Spectre reduces the…
What An Interesting Start To The Year I didn’t expect the year to kick off the year with it raining iguanas in Florida, a gas pumping crisis in Oregon, or the discovery and release of two massive CPU flaws that affected many of the computers we live an…
I’m an analyst. It’s my job to formulate opinions on your product and company and provide that insight to my clients. Prior to joining Forrester, the impact analysts have on the industry was described to me this way: “I donR…
Announcing Our New Security & Risk Staffing Survey! Information security is one of the hottest fields around. Data abounds about how awesome it is to work in infosec, how many jobs are available, and how much money can be made. That all sounds grea…
The third-party ecosystem continues to flummox risk managers. Regulators keep pushing for stronger oversight, but they fail to offer real standards or tools to make this possible. What’s worse, technology and service providers have only h…
In late 2016, the security and risk team at Forrester made its annual predictions for 2017. Let’s take a quick look at how we did. Prediction No. 1: The incoming Trump administration would face a cybersecurity crisis in its first 100 days. What happene…
A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been arou…
Today, we announced that Forrester.com experienced a cybersecurity incident this week. To date, our investigation has determined that the attack was limited to research reports made available to Forrester clients on Forrester.com. There is no evidence that confidential client data, financial information, or confidential employee data was accessed or exposed as part of the incident. […]