3 months, 14 days ago

CYBER SECURITY TRANSFORMATION IS A THING, AND IT NEEDS PERSONAL AND RELENTLESS DRIVE

Well, it’s happening! My first Forrester report was published this week. (Forrester clients can access here). The topic? Cyber security transformation of course! It’s what I have lived and breathed for the last 3.5 years. I have also engaged peer CISOs…

5 months, 13 days ago

Risk Tech, Reg Tech – All The 2018 Tech

We recently published our Risk And Compliance Tech Tide report outlining 14 core technologies to track in 2018. One of the challenging parts of this research is setting the right scope. We found risk and compliance technology everywhere, covering every…

9 months, 10 days ago

Zero Trust on a Beer Budget

I have a good friend that has a small business (roughly 100 employees and 2 office locations, everything lives in the cloud, no real “network” to speak of) that is doing well.  A few weeks ago, over barbeque and range time (some folks play golf, we sho…

1 year, 2 days ago

Lacking Smart Third-Party Risk Regulation, JP Morgan Chase, Bank of America, Wells Fargo, And American Express Create Company, TruSight

  The third-party ecosystem continues to flummox risk managers. Regulators keep pushing for stronger oversight, but they fail to offer real standards or tools to make this possible. What’s worse, technology and service providers  have only h…

1 year, 8 days ago

TIP of the Iceberg: Research Announcement on Threat Intel Platforms

A common feature in the threat intelligence platform (TIP) space is aggregation of data and providing an interface for managing threat intelligence — this seems to be where the product visions diverge. While many of these platforms have been arou…

1 year, 1 month ago

Forrester.com Experienced A Cybersecurity Incident

Today, we announced that Forrester.com experienced a cybersecurity incident this week. To date, our investigation has determined that the attack was limited to research reports made available to Forrester clients on Forrester.com. There is no evidence that confidential client data, financial information, or confidential employee data was accessed or exposed as part of the incident. […]