It doesn’t rain; it pours. And I’m so pleased to be announcing yet another report! This time, it’s short, and it summarizes our suite of awareness, behavior, and culture research (security ABCs)! I joined Forrester 18 months ago, and we (like many in the industry) were covering and talking about all sorts of brilliant stuff (e.g., Zero Trust, security services, identity and access management, and application security). I was, still am, and always will be intensely proud of our depth and breadth of coverage. But in my honest opinion, we were not doing enough about the people side of security!

For those of you who have followed or been part of my career, you’ll know the importance I place on people and culture at the heart of any security function or program. And make no mistake, by people and culture, I don’t mean only security awareness and training, although that’s important. I’m talking about creating a security culture where everyone from the board level down to every end user is aware of their security responsibilities and supports and advocates for security.

So I started doing and writing all sorts of research, either by myself or in collaboration with some brilliant colleagues. We have now covered several aspects of building a good security culture, all the way from how to talk to the board about cybersecurity to how to harden your human firewall. Others in the team recognized the importance of the culture within the security team itself and wrote about recruitment in cybersecurity.

I have summarized all this research in the newly published report, “Research Overview: Security Awareness, Behavior, And Culture — A CISO’s Guide To Research About The People Side Of Security.” There will be a lot more coming in this space in the coming days, months, and years!