Jeff Pollard

VP, Principal Analyst

Forrester Bio

Jeff Pollard

Author Insights

Blog

CISOs And The Next Era Of Security Visibility: Observability

Jeff Pollard October 18, 2021
For security leaders and practitioners, it seems like developers and IT teams get all the cool toys, and security pros get stuck with the hand-me-downs. Dev was first to cloud, IT followed, and security warily joined in. IT had patch management while security just scanned to see if the patches weren’t there; and security orchestration, […]
Read More
Blog

Halloween Comes Early For Syniverse, FB, And Twitch — What We Can Learn From Their Spooky Outages Plus Breaches

Jeff Pollard October 7, 2021
As renowned ghost hunter and solver of mysteries Scooby-Doo would say, “Ruh roh, Raggy!” It looks like more than ghosts are wreaking havoc on haunted networks. We’re less than a full week into October, and Cybersecurity Awareness Month isn’t quite taking shape the way we expected. Ostensibly, orgs decided to pivot and use this time […]
Read More
Blog

Facebook’s Outage: Breaking The Ad Empire — For A Day?

Mike Proulx October 4, 2021
The Facebook ecosystem outage should remind advertisers to have proactive risk mitigation plans in place.
Read More
Blog

What Security Market Definitions Tell Practitioners

Allie Mellen September 29, 2021
One of the biggest challenges of being a security industry analyst is finding when and how to define new market segments. We both had to do this recently — Jeff with managed detection and response and Allie with extended detection and response (XDR). The most common question we get from security vendors confused as to […]
Read More
Blog

CISOs And The Trust Imperative

Jeff Pollard September 10, 2021
There is no executive role that better aligns with the trust imperative than the CISO. Find out why and how it may impact your organization directly.
Read More
Blog

Zero Trust Doesn’t Mean Zero Breaches

David Holmes June 29, 2021
We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]
Read More
Blog

Forrester’s List Of Ransomware Resources

Jeff Pollard June 24, 2021
With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]
Read More
Blog

Revenge Of The SaaS: Mandiant Uses Services To Escape FireEye

Jeff Pollard June 3, 2021
Revenge Of The SaaS: Mandiant Dumps FEYE In a cybersecurity divorce that had fewer leading indicators than the dissolution of Kim and Kanye, Mandiant has finally untangled itself from FireEye (FEYE) by selling the product portion of the firm to Symphony Technology Group (STG) for $1.2 billion. FireEye’s history as the most “almost acquired vendor” […]
Read More
Blog

Trusted Third-Party Phish Is The Catch Of The Day

Joseph Blankenship June 2, 2021
We warn users not to click on suspicious emails and not to open emails from untrusted senders to prevent users from being phished. Sender identity is one of the filtering mechanisms in email security solutions. But what happens when a trusted sender’s email account is compromised and an attacker uses that access to send emails […]
Read More
Blog

Debunking Infosec Purity And Other Security Myths In The Wake Of Recent Attacks

Sandy Carielli May 21, 2021
Earlier this week, an op-ed published on The Hill sent information security (infosec) Twitter into a tizzy by blaming cybersecurity industry best practices for recent high-profile security breaches. For the security team at Forrester, the op-ed furthered a number of security myths that we felt compelled to bust here. Myth #1: The Best Infosec Pros […]
Read More
Blog

Biden Executive Order Bets Big On Zero Trust For The Future Of US Cybersecurity

Jeff Pollard May 13, 2021
Forrester's security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.
Read More
Blog

“Winning” MITRE ATT&CK, Losing Sight Of Customers

Jeff Pollard April 22, 2021
Are the results of a MITRE ATT&CK evaluation a good gauge of a vendor's effectiveness? Maybe. Vice President and Principal Analyst Jeff Pollard explains how to use the results in your vendor analysis.
Read More
Blog

Degree Requirements Are Poisoning Your Cybersecurity Talent Pool

Steve Turner April 22, 2021
There’s no shortage of obstacles holding back folks from finding meaningful employment in the cybersecurity sector. Some of these obstacles are imposed by human resources policies and the software used to automatically scan through resumes in a game of electronic buzzword bingo, one of the most insidious of these being the requirement of a college […]
Read More
Blog

MSSP Is The Eighth Word You Can’t Say On TV

Jeff Pollard March 24, 2021
“The Forrester Wave™: Managed Detection And Response, Q1 2021” is now live — and this is a seriously impressive group of vendors. I want to give a sincere thanks to them all for the effort and work they put into it. Vendors don’t always agree on things — especially with competitors. But one thing quite […]
Read More
Blog

Mean Time Before CEO Scapegoats

Jeff Pollard March 1, 2021
A few months before I joined Forrester in 2015, I found a blog that introduced a new incident response (IR) metric written by @rickhholland: “Introducing A New Incident Response Metric: Mean Time Before CEO Apologizes (MTBCA).” Rick introduced this — not exactly tongue-in-cheek metric for IR – because the playbook was so familiar. Get breached, […]
Read More
Blog

Reflections On 2020: Cybersecurity Predictions Versus Reality

Heidi Shey February 8, 2021
You’re probably tired of hearing about 2021 cybersecurity predictions. This is something different. We’re taking a look back to what we predicted would happen in 2020 and grading our predictions. After all, why make predictions in the first place if we’re not going to reflect and assess ourselves afterward? When we make predictions, we aim to identify what is different that we think […]
Read More
Blog

Microsoft Is Now A Cybersecurity Behemoth

Jeff Pollard January 27, 2021
Microsoft has achieved its goal of being a mega-security vendor. For Microsoft competitors — which is almost every vendor — this also makes the company an existential threat.
Read More
Blog

Security Vendors: It’s Time To Come Clean About Intrusions

Jeff Pollard December 15, 2020
The intrusion into SolarWinds, FireEye, and multiple US government agencies continues to roil the cybersecurity world. In only a few days, a slew of additional details have emerged about the scope of the intrusions, with more surely to come. Security vendors spend all their time talking about security but not in a way that’s useful […]
Read More
Blog

The SolarWinds And US Government Breach Is Not A Marketing Opportunity

Jeff Pollard December 14, 2020
The size and scope of SolarWinds as an IT software provider and the nature of the breach announced on December 13 rocked the IT and security world — rightfully so. We’ve provided immediate, actionable advice for security and risk pros and IT leaders in our report here. While security leaders guide their companies to respond, […]
Read More
Blog

Bots Kept Jeff From Buying A PS5, And Sandy Had To Hear About It

Sandy Carielli November 18, 2020
It’s not that I’m not a gamer. I enjoy board games and card games: Trivial Pursuit, Settlers of Catan, SET, Hive. I’m up to level 3056 in Two Dots. As a kid, I played Super Mario Land on my brother’s Game Boy and Sonic the Hedgehog on the family Sega Genesis. But I’ve never been […]
Read More
More posts