Allie Mellen

Enterprise adoption of fine-tuned large language models is already underway, forcing cybersecurity teams to learn quickly how to protect them.

RSAC 2023 is a wrap! The Forrester security and risk team had 11 attendees at the RSA Conference last week. We really enjoyed meeting with clients and colleagues old and new — and now we’re exhausted. It’s no mystery why; as a team, we collectively participated in over 230 meetings and took more than 1.5 […]

Get a preview of the top five cybersecurity threats — established and emerging — for this year and learn how to defend against each.

Typically, security is late to the game with technology innovation. Before we get to see innovative technology, we have to wait for it to matter to security. This time, however, is different. In January, we predicted how the announcement of ChatGPT could change cybersecurity, and today, our predictions were validated again with the announcement of […]

Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]

This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.

Given years of cyberespionage, attacks on elections, and, more recently, the melding of kinetic and digital warfare in the Russia-Ukraine war, private sector security leaders in all industries must recognize and prepare for more brazen and frequent nation-state cyberattacks. This is the first and the foundational report in a series that will help security leaders […]

Forrester originated the Zero Trust Model over a decade ago and defines Zero Trust as: An information security model that denies access to applications and data by default. Threat prevention is achieved by only granting access to networks and workloads utilizing policy informed by continuous, contextual, risk-based verification across users and their associated devices. Zero Trust advocates […]

Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]

The security analytics platform market is moving faster than it has in years, as demonstrated by these Wave results. Though Splunk still has a tight grip on the segment, competitors are finding opportunities to loosen its hold by addressing continued dissatisfaction with outdated pricing models. Hyperscalers like Microsoft are establishing themselves as top competitors through […]

Some 14 Forrester analysts attended this year’s AWS re:Invent in Las Vegas. The conference was a mix of innovation in some areas — particularly compute and networking, along with a co-engineering approach to industry cloud — but plateaus in others, such as hybrid and edge. Efficiency and consolidation were underlying themes, from amping up AI/ML […]

The chair of the board at Women in Security and Privacy (WISP) discusses the organization's work and how companies can partner with it to foster diversity in cybersecurity.

Mischief, fright, haunting … These are just a few terms that apply to this time of year: Halloween. But these terms can also explain cyberattacks and the paranormal. Yes, we said it, cyberattacks and the paranormal, both things that go bump in the night (and often bump in the daylight, too). Both involve something that […]

Learn why an autonomous security operations center is an unrealistic vision for any security organization.

A few weeks ago, I spoke with Derek Johnson from SC Media about my experiences early on in the security industry – good and bad. While some of these moments were difficult, all of them were formative and helped me better understand the current state of the security community and industry. We are blessed with […]

Preparing for the worst means putting loyalty aside to build a plan with your goals and growth at the center. Learn how to get started.

When tech companies select people with ideals and integrity, they get people with ideals and integrity. When they behave in ways that betray those employees, they can expect rebellion.

Learn why moving away from legacy thinking on products and services leads to far better outcomes.

Here, we clear up some misconceptions about threat hunting and explain why it’s in the best interest of your team to start doing it.