Jeff Pollard

VP, Principal Analyst

Author Insights

Blog

Product Management And Security Collaboration Benefits More Than Product Security

Sandy Carielli March 14, 2023
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
Blog

The Pay Gap Isn’t The Only Problem For Women In CISO Roles

Jeff Pollard March 8, 2023
Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]
Blog

2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up

Jeff Pollard March 6, 2023
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]
Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog

Five Reasons Why CISOs Should Report To CEOs

Jeff Pollard February 21, 2023
Cybersecurity problems won’t disappear, but CISOs who are elevated in the organization run better cybersecurity programs.
Blog

Great Technology Organizations Have Great Security Organizations

Sandy Carielli February 17, 2023
Forrester has been researching future fit organizations for the past few years, those organizations that have evolved their technology strategy to enable their firm’s customer-obsessed business strategy. Tech organizations fall into three tech strategy buckets: Traditional tech orgs are driven by cost, act as order-takers, and typically follow waterfall methodologies; modern tech orgs evolve to […]
Blog

NIST AI Risk Management Framework 1.0 — What It Means For Enterprises

Michele Goetz February 7, 2023
Forrester provides guidance on how to succeed with AI governance with the NIST’s AI RMF 1.0.
Blog

Groundhog Day, SEC Style: Proposed Rule On Cybersecurity Risk Governance Has All The Pain Of SOX With Fewer Financial Penalties

Alla Valente February 2, 2023
There’s a significant shift ahead for how public firms and their boards treat cybersecurity risk. The last two years increased the amount of cybersecurity oversight in terms of regulations and guidelines. Voluntary “recommendations” such as the National Institute of Standards and Technology’s guidelines for AI offer a starting point for safer use of artificial intelligence, […]
Blog

Cybersecurity Risk Dashboards: No Value, Extreme Liability

Jeff Pollard January 30, 2023
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
Blog

ChatGPT: Cybersecurity Ramifications Beyond Malware

Jeff Pollard January 26, 2023
Plenty of people had fun with ChatGPT when it released, but I’m not sure any industry had more fun than cybersecurity. When first released, it turned out that ChatGPT could write code, convert code from one programming language to another, and write malware. Sure, the coherent nonsense problem persisted, but overall, it produced solid stuff. […]
Blog

Beware Of “Coherent Nonsense” When Implementing Generative AI

Rowan Curran December 8, 2022
Generative AI can make doing a lot of things easier, including the wrong things. Learn the risks of AI-generated content and how to avoid them.
Blog

It’s Not You, It’s Them: Build A Resilient Cybersecurity Career

Jeff Pollard September 12, 2022
Preparing for the worst means putting loyalty aside to build a plan with your goals and growth at the center. Learn how to get started.
Blog

DuckDuckGo’s Email Protection: Another Strike Against The Surveillance Economy

Jess Burn August 31, 2022
Fresh off a yearlong beta test, DuckDuckGo moved its email protection service into an open beta. The service works across iOS and Android; browser extensions for Edge, Chrome, Firefox, and Brave; and DuckDuckGo for Mac. The service blocks trackers in emails, reducing the amount and type of data emails can send to third parties (like […]
Blog

Forget Quiet Quitting — Tech Whistleblowers Go Out With A Bang

Sara M. Watson August 26, 2022
When tech companies select people with ideals and integrity, they get people with ideals and integrity. When they behave in ways that betray those employees, they can expect rebellion.
Blog

Five Reasons To Buy A Service Before A Product

Jeff Pollard August 17, 2022
Learn why moving away from legacy thinking on products and services leads to far better outcomes.
Blog

Threat Hunting 101: A Human-Led Exercise

Jeff Pollard July 20, 2022
Here, we clear up some misconceptions about threat hunting and explain why it’s in the best interest of your team to start doing it.
Blog

Choose Apple Lockdown Mode, Choose Security

Paddy Harrington July 12, 2022
Users get to make their own choices about security and privacy when using Apple devices, not carriers, application developers, or advertisers.
Blog

If You Can Say It, You Can See It: Dall-E And You

William McKeon-White June 22, 2022
Or, “How a natural language image generation AI used as a meme generator by social media may impact your business.” Welcome To The Future — It’s Got AI-Generated Art Let’s play a quick game. Which of the below images were made by an AI system generating images based on word prompts? Let’s pretend you guessed […]
Blog

The Reaper Comes For Cyber Unicorns

Jeff Pollard June 13, 2022
While the economic downturn is in its early stages, it looks as though the hypergrowth phase of the cybersecurity vendor party has reached an abrupt end.
Blog

Microsoft Launches MDR And Hops On The Everything-As-A-Service Bandwagon

Jeff Pollard May 10, 2022
Everything-eventually-becomes-a-service which Microsoft demonstrates by launching its own version of managed detection & response. We discuss what CISOs need to know, how it will impact the market, and what to look for next.
More posts