Jeff Pollard

VP, Principal Analyst

Forrester Bio

Jeff Pollard

Author Insights

BLOG

Predictions 2020: This Time, Cyberattacks Get Personal

Jeff Pollard October 30, 2019
Read the top three cybersecurity predictions for 2020 from Forrester Research analyst Jeff Pollard.
Read More
BLOG

S&R Confessional: The Time I Almost Got Hacked

Jeff Pollard October 15, 2019
Even cybersecurity experts can get fooled. Read this cautionary tale of a time when a security and risk expert almost got hacked.
Read More
BLOG

Security & Risk 2019: Peering Into The Crystal Ball — Security Edition

Jeff Pollard August 27, 2019
Gaze deeply into our security & risk crystal ball: We see cybersecurity professionals succeeding and growing. We also see some hard work ahead. Learn more.
Read More
BLOG

Take A Stand For Consumer Privacy: The Anti-Surveillance Economy

Jeff Pollard April 12, 2019
Consumer data misuse has lit up the headlines and eroded trust. From the ashes of these corporate scandals will rise a new industry: the anti-surveillance economy. Read what this means for companies that monetize consumer data.
Read More
BLOG

Our Security Recommendations Will Help You Handle The Worst Of What 2019 Throws At You

Jeff Pollard March 25, 2019
Today we released our 2019 security & risk recommendations report. We collected contributions from our colleagues across the Forrester security & risk team to identify the most important actions security leaders should take in 2019. Turns out, things are getting better for S&R pros, but challenges still remain. Security leaders have earned board-level visibility, privacy […]
Read More
BLOG

Marriott Breach: Starwood Hacker Gains Access To 500 Million Customer Records

Jeff Pollard November 30, 2018
Another Friday, Another Breach Announcement Today, Marriott announced that it uncovered four-plus years of a previously unknown, unexpected, and unauthorized data breach that includes travel details, passport numbers, and credit card data. Five hundred million customers found out this morning when Marriott announced a multiyear breach dating back to 2014. Longstanding defects in Starwood’s database and network […]
Read More
BLOG

The Fight For Cybersecurity Brand Dominance Intensifies

Jeff Pollard November 16, 2018
“Everything Is An Endpoint” Brings BlackBerry Back From The Dead For many, the fact that BlackBerry still exists — and the fact that it spent $1.4 billion of the $2.4 billion in capital it had — is the most surprising part of the Cylance acquisition. BlackBerry hasn’t shirked its mythological status as the case study of what […]
Read More
BLOG

Early Horror Stories Of The Data Economy

Jeff Pollard May 3, 2018
When salacious tales of Cambridge Analytica’s activities emerged in 2018, we thought the company was finished. The many on-air discussions of illegal activities, law enforcement warrants, legal action threats from partners, and questionable ethics appeared to doom it. We then saw multiple suspensions and resignations, and on May 2, Cambridge Analytica announced it would file […]
Read More
BLOG

The Buyer’s Guide To Cybersecurity Services

Jeff Pollard March 13, 2018
During every Forrester Wave™ evaluation I conduct, I spend time sifting through vendor responses, data, client surveys, and reference interviews and develop an outline of recurring themes — the good, the bad, the new, the old, etc. After the Wave goes live, I collect all of that information, bundle it together, and produce a “Lessons” […]
Read More
BLOG

Kicking Off The New Year With A MELTDOWN

Jeff Pollard January 5, 2018
What An Interesting Start To The Year I didn’t expect the year to kick off with it raining iguanas in Florida, a gas pumping crisis in Oregon, or the discovery and release of two massive CPU flaws that affected many of the computers we live and work with every day. It appears 2018 has started […]
Read More
BLOG

Inside Infosec Teams

Jeff Pollard November 16, 2017
Announcing Our New Security & Risk Staffing Survey! Information security is one of the hottest fields around. Data abounds about how awesome it is to work in infosec, how many jobs are available, and how much money can be made. That all sounds great, except it’s pretty hard to find great research on what it’s […]
Read More
BLOG

The B2B Breach Trifecta: Equifax, SEC, and Deloitte

Jeff Pollard September 25, 2017
The B2B Breach Trifecta: Equifax, SEC, and Deloitte As rumors emerged this morning about a compromise of consulting firm Deloitte, this becomes the third breach announced in just a few short weeks of organizations that share a similar profile: Each one is primarily – or exclusively – a B2B organization. There are some questions worth […]
Read More
BLOG

Equifax Does More Than Credit Scores

Jeff Pollard September 8, 2017
Our reaction to the Equifax breach was similar to what we imagine many people went through. First, we wanted to know if we were affected. Second, what about our spouse and other immediate family members? Third, better keep an eye on the old credit report or initiate a credit freeze. Since Forrester offers credit monitoring […]
Read More
BLOG

Applying Our Research To Black Hat 2017

Jeff Pollard July 24, 2017
I summarized RSA 2017 in the following way: It’s a bit like the supermarket; you’ll make far healthier choices if you stick to the outer aisles. Well, Las Vegas B-Sides, Black Hat, and DefCon are taking place this week, and since these events differ in tone, audience, and participants, I’ve updated my advice: We’ve gone […]
Read More
BLOG

Victim Blaming Won’t Stop Global Ransomware Attacks

Jeff Pollard June 27, 2017
The security industry has an accountability crisis. It’s time to talk about it, then fix it. Whenever a massive cyber attack occurs inevitably a chorus of voices rises to blame the victims. WannaCry on 5/12 and Petya on 6/27 yet again kicked off the familiar refrains of: “If users didn’t click on stuff they shouldn’t….” […]
Read More
BLOG

Massive Ransomware Outbreak Highlights Need For A Digital Extortion Decision Tree

Jeff Pollard May 12, 2017
5/12/2017 might be another day of cyber-infamy based on malware as hospitals and critical infrastructure providers are locked out of their machines due to what appears to be a new variant of ransomware dubbed WannaCry spreading through corporate networks. Like the ransomware outbreaks in mid-2016 here in the US, NHS hospitals are experiencing patient care […]
Read More
BLOG

NIST Is Jealous That PCI (Still) Matters More Than It Does

Jeff Pollard May 11, 2017
The summary of the new Executive Order is a bit of a letdown: Government agencies must complete a risk management report within 90 days. The risk report should align with NIST. Outside of those with a risk fetish, this new EO probably isn’t that exciting from the perspective of any near-term cybersecurity transformation. That said, […]
Read More
BLOG

Exploring The IoT Attack Surface

Jeff Pollard October 13, 2016
Merritt Maxim and I just published our research on the IoT Attack Surface. This report gives a realistic, but not sensationalized, view of how enterprises need to think about IoT. Three factors motivated our research for this topic – attacks on IoT will transcend the digital-physical divide, the sheer scale of IoT will challenge security […]
Read More
BLOG

Automated Malware Analysis Technologies Central To Defense Strategies

Jeff Pollard April 21, 2016
"The most important security alerts we see." That’s how one customer described the importance of Automated Malware Analysis technologies in their security workflow. After months of demonstrations, reference calls, and analysis we are thrilled that The Forrester Wave™: Automated Malware Analysis, Q2 2016 is live! Many clients we talked to used multiple vendors to analyze […]
Read More