Heidi Shey
Principal Analyst
Speaking At
Author Insights
Blog
How F5 And SonicWall Revealed The Fragility Of The Software Supply Chain
The recent breaches at F5 and SonicWall illustrate how attackers are targeting the very infrastructure that enterprises rely on to secure and deliver digital services.
Blog
Too Big To Fail, Cyber Edition
Why did the UK government extend a £1.5 billion guaranteed loan to Jaguar Land Rover after a debilitating ransomware attack? And what can your security team learn from it? Find out in this post.
Blog
CrowdStrike Fal.Con 2025: Flexing Into The Agentic AI Age
CrowdStrike held its Fal.Con 2025 conference recently and not surprisingly for a cybersecurity vendor event in 2025, AI dominated. Get our highlights and key takeaways here.
Blog
The Abyss Of The Salesloft-Salesforce Breach May Reach The Challenger Deep
Details have been trickling out about a security issue in Salesloft’s Drift product. Find out what data was compromised and what actions you can take to reduce the threat to your business.
Blog
President Trump Amends Previous Cybersecurity Executive Orders: Here Is What You Need To Know
President Trump recently issued an executive order on national cybersecurity that amended and struck several provisions in prior EOs related to cybersecurity. Here’s what security leaders need to know.
Blog
Coinbase Flips The Coin On Would-Be Extortionists
In a recent example of why managing insider risk is critical, cryptocurrency exchange Coinbase announced that it was the target of an extortion scheme enabled by insiders. Learn more about the incident and how to protect against it in this blog.
Blog
It’s Time To Start Planning Your Postquantum Migration
When will quantum computers will be able to break asymmetric cryptography and algorithms? And what steps should you take to prepare? Find out in this preview of a report on quantum security.
Blog
RSAC Conference 2025: Innovation Sandbox Turns 20
RSAC Conference 2025 featured the 20th annual Innovation Sandbox competition. Learn more about the entrants and results in this review of the event.
Blog
RSAC Conference 2025: Welcome To The Petting Zoo
From live goats and puppies to robot dogs and animal costumes, the RSAC Conference 2025 delivered some unexpected surprises. But it also delivered the usual insight into various trends in the security market today. Find out more in this RSAC review.
Blog
Global Tariffs: Dynamic Risk Management Meets Its Moment
The recent introduction of US-imposed tariffs has shaken global trade. While economists and financial analysts debate whether this on-again/off-again trade war fits into their model for geopolitical, economic, or supply chain risks, the result is the same: uncertainty and chaos sure to shake up business strategy for the foreseeable future. This new era of volatility […]
Blog
RSAC 2025 Early Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More
As we put together our game plan for what to see at RSA Conference 2025, we wanted to scope out innovation, identify which vendor booths will be a must-see, and (at least for one of us) minimize the number of steps to take around the Moscone Center.
Blog
Breaches And Lawsuits And Fines, Oh My! What We Learned, The Hard Way, From 2024
With the average cost of a data breach at $2.7 million and 33% of enterprises reporting being breached three or more times over the past 12 months, understanding and learning from past incidents is not just beneficial — it’s essential.
Blog
Quantum Security Isn’t Hype — Every Security Leader Needs It
The commercial availability of quantum computers that can compromise traditional asymmetric cryptography is still five to 10 years away. But security and risk (S&R) professionals must assess and prepare for the impact of quantum security now.
Blog
Highlights And Implications Of Biden’s Executive Order On Strengthening And Promoting Innovation In The Nation’s Cybersecurity
Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.
Blog
Data Security: The Time Is Now To Pioneer A New Strategy
Data security is both a high priority and struggle for many organizations. Find out why and get some next steps in this preview of our upcoming Security & Risk Summit, December 9–11 in Baltimore.
Blog
Don’t Wait For A Crisis To Act
CrowdStrike's recent global incident underscores businesses' need to have robust crisis communication plans in place before a crisis occurs.
Blog
Never “Too Small For Cybercriminals”: One Town’s Cautionary Tale
In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.
Blog
What We Can Learn From 2023’s Most Notable Breaches
Cybersecurity breaches continued to rise in 2023. Learn the eight most common incident types and get four key takeaways from our new report.
Blog
The State Of Cybersecurity Innovation: RSA Conference 2024
RSAC gives security startups two structured opportunities to distinguish themselves, and Forrester always finds it revealing to see which startups make the cut.
Blog
Forrester’s RSAC 2024 Themes, Takeaways, And Observations
More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.
More posts