Jess Burn

Principal Analyst

Forrester Bio

Author Insights

Blog

Forget Ghost Stories: CISOs Should Be Scared Of The SEC

Jeff Pollard October 31, 2023
The SEC plans to haunt CISOs with cybersecurity enforcement, but there might be a silver lining for CISOs in the SEC complaint.
Blog

Torch The Test: Closing The Cybersecurity Skills Gap Requires Continuous Learning

Jess Burn October 5, 2023
Learn how investing in cybersecurity skills and training (CS&T) platforms can help overcome the cybersecurity skills gap in this preview of the upcoming Forrester Security & Risk Forum.
Blog

The CISO And CIO Microsoft Security Dilemma: Fend Off Or Learn To Love?

Jeff Pollard September 28, 2023
Should CISOs fend off Microsoft to keep their preferred products or embrace consolidation? Find out in this blog.
Blog

2003 Called, And It Doesn’t Want Its Email Security Appliances Back

Joseph Blankenship August 24, 2023
Email security appliances have come a long way in the past 20 years. Learn the benefits of cloud-delivered email security.
Blog

Black Hat USA 2023: Insights From Our Short Vegas Residency

Jeff Pollard August 21, 2023
Black Hat USA 2023: Insights From Our Short Vegas Residency Black Hat has gone from being RSAC’s smaller tech and practitioner-focused cousin to being a commercial showcase for cybersecurity vendors. A tightly packed, noisy Business Hall included over 300 vendors and 400 organizations with booths, which was great for swag but bad for anyone with […]
Blog

Announcing The Forrester Wave™: Enterprise Email Security, Q2 2023

Jess Burn June 13, 2023
The Forrester Wave™: Enterprise Email Security, Q2 2023, is live! Practically dormant for a decade, the enterprise email security market has sprung to life, with mass customer migration to cloud email, rapid adoption of machine learning, and the widespread use of APIs to connect systems, bolster platforms, and share data. These aligning market forces are […]
Blog

The Pay Gap Isn’t The Only Problem For Women In CISO Roles

Jeff Pollard March 8, 2023
Last week, we published Forrester’s third CISO Career Paths report. This research involved an analysis of the career paths of Fortune 500 CISOs, looking into their education, tenures, and prior experiences of security leaders at some of the world’s largest companies. This data showcases existing trends and helps forecast what CISO roles will look like […]
Blog

2023 Security Recommendations: Protect Your Ass(ets) And Lawyer Up

Jeff Pollard March 6, 2023
Forrester recently published Top Recommendations For Your Security Program, 2023 for CISOs and other senior cybersecurity and technology leaders. This year’s overarching theme involves protection (as you might expect) — but not exactly in the way you’d think in the context of security. In 2023, our recommendations fall into three major strategic themes for security […]
Blog

Introducing The Forrester Asset Taxonomy

Carlos Casanova March 3, 2023
The definition of “asset” has broadened well beyond traditional financial boundaries in the earliest days of IT asset management. Technology stakeholders are often confused over what constitutes an asset, and the technologies to enable enterprise asset management frequently add to this confusion.
Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog

2022 Breaches And Fines Offer Lessons To Security Leaders

Sandy Carielli February 24, 2023
2022 didn’t let up on the security incidents — according to Forrester’s Security Survey, 2022, 74% of security decision-makers experienced at least one data breach at their firm in the previous 12 months. As we looked at the top breaches and privacy violations of 2022 — and there was activity right up to the end […]
Blog

Announcing Forrester’s Enterprise Email Security Landscape, Q1 2023

Jess Burn February 8, 2023
What a time to be in email security! For buyers, there has never been more choice in solutions to protect your organizations. And for sellers? Well, there’s never been more of an incentive to innovate. Forrester’s just-published The Enterprise Email Security Landscape, Q1 2023 report provides an overview of 34 players in this market and […]
Blog

How CISOs Can Navigate The 2023 Downturn

Jess Burn January 30, 2023
CISOs must use this period of austerity to reinforce security as a core competency that drives growth and protects revenue.
Blog

Cybersecurity Risk Dashboards: No Value, Extreme Liability

Jeff Pollard January 30, 2023
Over the last 12 months, “risk dashboards” became all the rage in cybersecurity, with varied titles such as “risk index,” “security baseline,” “security posture,” and “risk posture.” These dashboards appear in a vendor’s user interface and purport to help security programs improve. Some even offer coveted “benchmark data” that leaders can share with boards and […]
Blog

External Attack Surface Management Finds Assets That Your Org Can’t See

Erik Nost January 18, 2023
The External Attack Surface Management Landscape, Q1 2023 is now available! Forrester clients can view the report to dive deeper into the benefits of EASM and key functionalities to assess when selecting an EASM vendor. As Jess Burn and I finalized this report, we couldn’t help but think that organizations that are blind to what’s […]
Blog

Leadership: Don’t Make It Harder Than It Is — Perspectives From A Former CISO/CSO

David Levine January 9, 2023
I’m kicking off my blog series, “Perspectives From A Former CISO,” with my thoughts on leadership. The series will pull from my experiences as a CISO and those of my peers. To be clear, I don’t purport to have the all the answers but did learn a thing to two during my tenure leading teams […]
Blog

Acknowledging Our Love-Hate Relationship With Security Certifications

Jess Burn November 2, 2022
Security certifications don’t make you a better practitioner, they make you a better candidate. Experience and continued training and upskilling takes over from there. How do we reconcile this?
Blog

CISA Releases Directives On Asset Discovery And Vulnerability Enumeration

Erik Nost October 4, 2022
The Cybersecurity & Infrastructure Security Agency (CISA) kicked off Cybersecurity Awareness Month with a bang yesterday, with its latest binding operational directive that requires federal agencies to account for a complete inventory of assets and vulnerabilities. In past CISA coverage, we recommended that organizations doing business with the federal government, looking to maintain good cyber […]
Blog

Cyber Grant Program Is Welcome News For Small Governments

Erik Nost September 21, 2022
Local governments have become frequent targets of cyber attacks, and funding and planning for preventing for more attacks have been left largely to the local level. A new initiative is changing that.
Blog

Apple’s BIMI Support = Time To Get Serious About DMARC Enforcement

Jess Burn September 19, 2022
Learn how Apple's latest announcement will make inboxes safer and what's required to reach DMARC enforcement.
More posts