Jess Burn

Principal Analyst

Author Insights

Blog

White House Announces The 2026 Cyber Strategy For America

Allie Mellen 3 days ago
On Friday, March 6, the Trump administration released the latest US national cybersecurity strategy, President Trump’s Cyber Strategy for America, alongside an executive order on combating cybercrime and fraud. The document, focused on six core pillars, is the briefest cybersecurity strategy released by the US in the last decade. The biggest challenge with the document […]

Announcing The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q1 2026

Jess Burn 3 days ago
The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q1 2026 is now live, and it lands at a moment when security leaders are under real pressure to prove readiness and resilience. Automation and AI have compressed attacker timelines, blurred role boundaries across security teams, and exposed the limits of certification-first training models. What matters now […]

Inside The Odido Breach: A Governance Thriller Unfolds

Madelein van der Hout 5 days ago
In February 2025, Dutch telecom operator Odido disclosed a breach affecting 6.2 million current and former customers (roughly a third of the country’s population), the largest telecom breach in Dutch history. Attackers socially engineered a call center employee into approving a fraudulent MFA request, gaining access to Odido’s Salesforce CRM environment and exfiltrating highly sensitive data […]

2026 Really Is This Risky: Our Top Recommendations For CISOs

Jess Burn March 4, 2026
Security leaders entered 2026 with little expectation that uncertainty will ease … ever. Economic pressure, geopolitical instability, accelerating artificial intelligence adoption, and renewed technology consolidation have turned volatility into a structural condition rather than a temporary disruption. This is life now, and CISOs are being asked to move faster, support aggressive AI initiatives, and protect […]

When Fixing Security Vulnerabilities Breaks Your Customer Email Program

Shar VanBoskirk March 2, 2026
In January 2026, Salesforce changed how its Marketing Cloud Engagement platform encrypts tracked email links. The fix addressed a vulnerability that could have exposed CloudPages content, such as landing pages, microsites, forms, subscriber data from preference and unsubscribe centers, and email content via web view links. But the fix created a new problem: All tracked […]

What We’re Looking Forward To At The RSAC 2026 Conference

Joseph Blankenship February 25, 2026
The annual RSAC Conference in San Francisco is the cybersecurity industry’s biggest event of the year. For the analysts attending, RSAC Conference week provides an opportunity to learn about cybersecurity trends and topics, meet with vendors and clients, and share our insights and observations. It’s also an excellent opportunity to meet our daily step goals […]

Claude Code Security Causes A SaaS-pocalypse In Cybersecurity

Jeff Pollard February 23, 2026
We have seen this pattern before, even if the specifics look different. Think back to the day AWS introduced GuardDuty, when Microsoft folded Defender for Endpoint into its enterprise licensing commitments and launched Microsoft Sentinel, or when Google acquired Mandiant and eventually Wiz. Sure, the launch of fully autonomous AI agents that can ingest entire […]

When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise

Jeff Pollard February 2, 2026
The detailed writeup from cybersecurity vendor Rapid7 about the Notepad++ compromise gives CISOs a clear demonstration of how a single failure in the distribution process for a widely used utility can become an enterprise-scale software supply chain event. Developers, analysts, automation engineers, researchers, IT operators, and security teams use this editor as part of their […]

Weaponized Insiders Can Result In Big Consequences

Joseph Blankenship January 27, 2026
The US Department of the Treasury recently announced that it is canceling all of its contracts, reportedly valued at $21 million, with technology provider Booz Allen Hamilton (BAH) due to an insider incident that occurred between 2018 and 2020. The incident resulted in the theft of tax return data for more than 400,000 US taxpayers and the release of tax information about high-net-worth […]

Ready For OpenClaw To Pry Into Your Environment And Grip Your Data

Jeff Pollard January 26, 2026
A formidable challenge awaits security leaders as personal tools like Moltbot spread. AI butlers are the next shadow super-user.

My Tips For Crushing Your Analyst Briefings And Wowing The Analyst

Joseph Blankenship January 13, 2026
Former Forrester analyst Josh Zelonis blogged about how to deliver successful vendor briefings years ago. I’m updating his blog with my own thoughts as a “recovering marketer,” Forrester analyst, and research director. This blog is a collection of my top tips for briefing analysts, with contributions from other security and risk analysts.

Tidings Of Comfort And Trust: Holiday-Season Security That Bolsters Your Brand

Jess Burn December 2, 2025
Make safe, reliable digital experiences as part of the value you deliver — and help keep customers coming back year-round.

Insider Incidents Can Happen To Anyone

Joseph Blankenship November 25, 2025
Managing insider risk requires steadfast focus, documenting policies, and following defined processes. Follow these four steps laid out in Forrester’s “Best Practices: Insider Risk Management” report to reduce insider risk.

AI Vendor Threat Research And Cybersecurity’s Cynicism Problem

Jeff Pollard November 24, 2025
For years, the security community decried the lack of transparency in public breach disclosure and communication. But when AI vendors break with old norms and publish how attackers exploit their platforms, that same community’s reaction is split. Some are treating this intelligence as a learning opportunity. Others are dismissing it as marketing noise. Unfortunately, some […]

CISOs: Change The Way You Develop Cybersecurity Talent — Now

Jess Burn October 9, 2025
What began as a collection of free or low-cost courses and labs for individual job seekers has transformed into a cornerstone of the cybersecurity training and experience ecosystem. CS&T platforms now play a critical role in continuous learning, professional development, and operational readiness — and they deserve a place in your budget and program.

Too Big To Fail, Cyber Edition

Jess Burn September 29, 2025
Why did the UK government extend a £1.5 billion guaranteed loan to Jaguar Land Rover after a debilitating ransomware attack? And what can your security team learn from it? Find out in this post.

CrowdStrike Fal.Con 2025: Flexing Into The Agentic AI Age

Jitin Shabadu September 24, 2025
CrowdStrike held its Fal.Con 2025 conference recently, and not surprisingly for a cybersecurity vendor event in 2025, AI dominated. Get our highlights and key takeaways here.

The Abyss Of The Salesloft-Salesforce Breach May Reach The Challenger Deep

Paddy Harrington September 12, 2025
Details have been trickling out about a security issue in Salesloft’s Drift product. Find out what data was compromised and what actions you can take to reduce the threat to your business.

Partner For Progress: Security And HR Must Team Up For Insider Risk Management

Joseph Blankenship September 8, 2025
Since insider risk is more about people than PCs, security and insider risk management pros must make an unlikely new ally: their colleagues in HR. Find out how HR can help reduce insider risk in this preview of our upcoming Security & Risk Summit.

Black Hat 2025: Troop Forrester Goes To Hacker Summer Camp

James Plouffe August 13, 2025
2025 marks the 28th year of Black Hat, and although it remains on the edgier side of corporate-focused cybersecurity conferences, it sometimes feels like the event is considering completely ditching its hoodie in favor of a collared shirt.