Jeff Pollard
VP, Principal Analyst

Author Insights
Blog
Mean Time Before CEO Scapegoats
A few months before I joined Forrester in 2015, I found a blog that introduced a new incident response (IR) metric written by @rickhholland: “Introducing A New Incident Response Metric: Mean Time Before CEO Apologizes (MTBCA).” Rick introduced this — not exactly tongue-in-cheek metric for IR – because the playbook was so familiar. Get breached, […]
Read More
Blog
Microsoft Is Now A Cybersecurity Behemoth
Microsoft has achieved its goal of being a mega-security vendor. For Microsoft competitors — which is almost every vendor — this also makes the company an existential threat.
Read More
Blog
Security Vendors: It’s Time To Come Clean About Intrusions
The intrusion into SolarWinds, FireEye, and multiple US government agencies continues to roil the cybersecurity world. In only a few days, a slew of additional details have emerged about the scope of the intrusions, with more surely to come. Security vendors spend all their time talking about security but not in a way that’s useful […]
Read More
Blog
The SolarWinds And US Government Breach Is Not A Marketing Opportunity
The size and scope of SolarWinds as an IT software provider and the nature of the breach announced on December 13 rocked the IT and security world — rightfully so. We’ve provided immediate, actionable advice for security and risk pros and IT leaders in our report here. While security leaders guide their companies to respond, […]
Read More
Blog
We Do Diligence: Making The MSSP Forrester Wave™ Evaluations
Security and risk pros rely on Forrester Wave™ evaluations to guide them through their purchase journey, help them understand what is and isn’t important, and help them avoid the pitfalls when identifying strategic partners. This time, our analyses focused on two vendor categories: global and midsize managed security service providers (MSSPs), a market almost 25 […]
Read More
Blog
甲骨文 (Oracle) 几乎收购了TikTok? (其实并没有)
关于甲骨文(Oracle)与TikTok交易的新闻满天飞,阅读本文了解Forrester分析师们对此事件如何解读。
Read More
Blog
Oracle Sort Of Buys TikTok (But Not Really)
Larry Ellison proves that customer acquisition cost (CAC) is no barrier in Oracle’s conquest to expand its cloud credibility and market share. The announcement is murky at the moment, but the particulars indicate that Oracle and ByteDance will enter into a technology partnership to host the US operations of TikTok. This allows TikTok to escape […]
Read More
Blog
It’s Never The Data Breach — It’s Always The Cover-Up
What CISOs can learn from the case against Uber's former chief security officer.
Read More
Blog
MSSPs Race To MDR
By the beginning of August, both of my managed security services provider (MSSP) Forrester Waves™ will be published, marking five Forrester Waves authored and 62 vendors evaluated in the MSSP space during my five years at Forrester. While Forrester Waves can be exhausting for the analyst and the vendors alike, witnessing the progression of an […]
Read More
Blog
CISOs And The Da Vinci Fallacy
The belief that security leaders must show mastery across knowledge domains is dangerous. It's also a symptom of an underlying ailment.
Read More
Blog
All CISOs Must Be Transformational CISOs Now
In January of 2020, we launched our inaugural “The Future Of The CISO” report, which identified the six types of CISOs (chief information security officers) we discovered through our research. At its release, we received copious amounts of feedback — some we had considered and some we hadn’t. While we were conducting our research, however, […]
Read More
Special Report
Employers Are A Trusted Source Of Information About Coronavirus But Face Competition From Disinformation Campaigns
New Forrester data shows employees have strong trust in their employers as a source of information about COVID-19, but infrequent employer communication can leave employees vulnerable to disinformation.
Read More
Blog
RSA Conference 2020: My Shopping List
The lead-up to RSAC 2020 has been interesting to say the least. IBM made a decision to exempt its employees from the event due to concerns about the COVID-19 pandemic; days later, RSA was acquired by a private equity firm, and there’s only a few days left before the event as this goes live. First, […]
Read More
Blog
The Future Of The CISO — Six Types Of Security Leaders
When starting a project like “The Future Of The CISO” report, it’s a daunting exercise. While we don’t always share the background inspiration for our research, this time it’s quite important and will shed some light on how we arrived here. When we started planning this research in 2018 and working on it in 2019, […]
Read More
Blog
Product Security And Surveillance Capitalism: Ring And Avast Fumble Privacy, Data Security, And Third-Party Risk
It’s been a rough couple of months for Ring. Multiple security and privacy issues have plagued the physical security device maker, it’s responded poorly by casting blame on users, and following that, the Electronic Frontier Foundation (EFF) identified that the Ring app is littered with third-party trackers. At virtually the same time, a security product […]
Read More
Blog
Employee Safety Is For Sale
New risks emerge around user location data that may have you rethinking your cybersecurity plan.
Read More
Blog
Decade Retrospective: Cybersecurity From 2010 To 2019
From the Intel-McAfee deal to the Sony Pictures breach, VP and Principal Analyst Jeff Pollard reviews the past decade’s cybersecurity highlights and lowlights.
Read More
Blog
Predictions 2020: This Time, Cyberattacks Get Personal
Read the top three cybersecurity predictions for 2020 from Forrester Research analyst Jeff Pollard.
Read More
Blog
S&R Confessional: The Time I Almost Got Hacked
Even cybersecurity experts can get fooled. Read this cautionary tale of a time when a security and risk expert almost got hacked.
Read More
Blog
Security & Risk 2019: Peering Into The Crystal Ball — Security Edition
Gaze deeply into our security & risk crystal ball: We see cybersecurity professionals succeeding and growing. We also see some hard work ahead. Learn more.
Read More