Heidi Shey
Principal Analyst

Author Insights
Blog
Predictions 2021: The Path To A New Normal Demands Increased Cybersecurity Resilience
In 2021, culture issues, budgets, and vendor shifts will be top priorities for cybersecurity leaders. Learn more in our 2021 cybersecurity predictions.
Blog
Address Legal, Regulatory, And Operational Risks For The Return To Work
In addition to government guidelines, firms must consider a number of other factors in bringing employees back to work. Here are four areas you might not be thinking about.
Blog
RSA Conference 2020: What I’m Looking For This Year
Counting down the days! My RSA Conference schedule is set, and I’ve stocked up on hand sanitizer. Here’s my game plan: · Look for innovation in data security. I keep coming back to “the basics” of understanding data and context about data, which isn’t so basic or easy. I’ll be on the lookout for how […]
Blog
Children’s Data Privacy: What’s A Parent To Do?
Happy Data Privacy Day! What kinds of conversations do you have with friends and family about privacy? Over the holidays and through the new year, I had the topic of children’s data privacy and device use come up multiple times. This included concerns about apps, internet-connected toys, and technologies used in the classroom. The Concerns […]
Blog
The Dark Side Of Tech: Don’t Let Security Be An Enabler For Abuse
Are you a tech optimist? I generally tend to be. Yet as I read about new technology, I sometimes find myself thinking, “This is amazing! And terrifying.” As we approach the end of Cybersecurity Awareness Month, I’d like to draw attention to the issue of technology-facilitated abuse. Abusers Use Technology To Control And Hold Power […]
Blog
Maintain Your Security Edge: Develop And Retain Cybersecurity Talent
Cybersecurity talent is scarce. Developing and retaining current employees can help you maintain your edge and defray expensive recruiting costs. Learn more.
Blog
Enterprise Meets Consumer Security: Exploring Approaches To Protect Employees At Home
Does your organization have a strategy for protecting employees at home as a part of your overall cybersecurity program? Something that could include, but really goes to a place that is beyond, awareness training? If You Answered “No,” You’re Not Alone Employee privacy is a big reason why not. And yet, as the connected smart […]
Blog
A Typical Day Of Analyst Life
We’re hiring! Forrester’s security and risk research team is growing and currently has four open analyst positions: identity and access management, application security, security analytics, and Zero Trust. When I speak to candidates about the analyst role, they all ask one question that I find difficult to answer: “What’s a typical day like for an […]
Blog
Cyber Catalyst Brings Minimal Value To Businesses
In late March, Marsh announced the launch of a program with a number of leading cyberinsurance firms including Allianz, AXA, Beazley, XL, and Zurich to evaluate cybersecurity products and services. Products that meet a minimum standard of criteria receive the designation of “Cyber Catalyst” for their effectiveness in reducing cyber risk. The intent is for […]
Blog
Uber’s Uber Breach: A Stunning Failure In Corporate Governance And Culture
When a breach is announced most security & risk pros are not too surprised. Yet Uber found a way to make the industry raise our collective eyebrows when it was discovered that Uber not only suffered a breach in late 2016 and failed to notify affected parties, but leadership appeared to take things a step further by engaging in a conspiracy to conceal the event by paying hush money to the hackers/extortionists and hiding it from the General Counsel […]
Blog
2016 Privacy Lessons Learned And Looking Ahead To 2017
Each year at the end of summer, several members of Forrester’s Security & Risk research team look back at publicly reported breach events and data privacy violations of the previous 12 months to spot trends and identify cases to feature where we feel there are lessons learned for S&R pros. In 2016, this was a […]
Blog
Is Breach Notification A Part Of Your Incident Response Plan?
Is customer-facing breach notification and response a part of your incident response plan? It should be! This is the part where you notify people that their information has been compromised, communicate to employees and the public about what happened and set the tone for recovery. It's more art than science, with different factors that influence […]
Blog
How Do You Set Your Company Up For Success With Data Classification?
Defining your data via data discovery and classification is the foundation for data security strategy. The idea that you must understand what data you have, where it is, and if it is sensitive data or not is one that makes sense at a conceptual level. The challenge, as usual, is with execution. Too often, data […]
Blog
Forrester Predictions: What’s In Store For Privacy In 2016?
When evaluating the top 10 critical success factors that will determine who wins and loses in the Age of the Customer in 2016, it comes as no surprise that privacy is one of them. In fact, privacy considerations and strategy augment all of the 10 critical factors to drive business success in the next 12 […]
Blog
What Does It Mean To Have Privacy As A Competitive Differentiator?
In 2015, 26% of global security decision makers consider privacy as a competitive differentiator for their organization.* But what does that even mean? And how would an organization achieve this? Last week I was out in Las Vegas for Privacy. Security. Risk. and moderated a panel on this topic. Panelists included Michael McCullough (CPO, VP, […]
Blog
Do You Have An Effective Privacy Organization?
A guest post from researcher Enza Iannopollo. Upcoming changes to privacy regulation in the EU as well as rising business awareness that effective data privacy means competitive differentiation in the market make privacy a business priority today. And this is not only relevant for tech giants: protecting both customer and employee privacy is a business […]
Blog
Myth Or Reality: The Chief Data Officer
S&R pros, is there a Chief Data Officer (CDO) in your organization? Do you work with them? Previously, John and I wrote about the CDO role and how we believe that CDOs will help to drive security policy in the future because they can 1) directly tie business value to data assets, 2) have a […]
Blog
Infosec On The Go: What Do Your Road Warriors Know About Cybersecurity?
Did I pack socks? Check. Toothbrush? Check. Business cards, phone charger, passport? Check, check, and check. Do I know what I need to do and what not to do to protect myself, my devices and the company’s data while I’m on the road and traveling for work? [awkward silence, crickets chirping] S&R pros, how would […]
Blog
Privacy Becomes A Competitive Differentiator In 2015
We are in a golden age of data breaches – just this week, the United States Post Office was the latest casualty – and consumer attitudes about data security and privacy are evolving accordingly. If your data security and privacy programs exist just to ensure you meet compliance, you’re going to be in trouble. Data […]
Blog
S&R Pros: Use The Mobile Mind Shift And Consumer Tools To Drive The Privacy Discussion
The mobile mind shift: what is it? Forrester defines the mobile mind shift as the expectation that any desired information or service is available, on any appropriate device, in context, at a person's moment of need. It’s the reality that your customers (and employees!) live in today, where mobility isn’t just about devices or apps […]