Sandy Carielli
Principal Analyst

Author Insights
Blog
The CNAPP Product Category is Getting Crowded With Capabilities
Learn four key reasons why the packaging of cloud-native application protection platforms into a bundle is unnecessary and possibly even misleading.
Blog
Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox
RSAC 2023 is a wrap! The Forrester security and risk team had 11 attendees at the RSA Conference last week. We really enjoyed meeting with clients and colleagues old and new — and now we’re exhausted. It’s no mystery why; as a team, we collectively participated in over 230 meetings and took more than 1.5 […]
Blog
Avoid A Bot Waterloo
I don’t follow the Eurovision Song Contest closely, but I know that ABBA famously won decades ago with “Waterloo” and that a few other contest winners — Celine Dion, Måneskin — have achieved global success afterwards. This year, though, an article about Eurovision got my attention. It seems that tickets to the live Eurovision performances […]
Blog
Product Management And Security Collaboration Benefits More Than Product Security
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare for the implications of the National Cybersecurity Strategy.
Blog
2022 Breaches And Fines Offer Lessons To Security Leaders
2022 didn’t let up on the security incidents — according to Forrester’s Security Survey, 2022, 74% of security decision-makers experienced at least one data breach at their firm in the previous 12 months. As we looked at the top breaches and privacy violations of 2022 — and there was activity right up to the end […]
Blog
When It Comes To Zero Trust, Nobody Puts Appsec In A Corner
Zero Trust has seen an increase in adoption over the past few years — Forrester’s Security Survey, 2022, shows that 83% of global large enterprises are reporting that senior leadership has committed their organizations to the adoption of Zero Trust. Aspects of the Zero Trust model continue to be misunderstood, however. The industry is still […]
Blog
Great Technology Organizations Have Great Security Organizations
Forrester has been researching future fit organizations for the past few years, those organizations that have evolved their technology strategy to enable their firm’s customer-obsessed business strategy. Tech organizations fall into three tech strategy buckets: Traditional tech orgs are driven by cost, act as order-takers, and typically follow waterfall methodologies; modern tech orgs evolve to […]
Blog
Ringing In The New Year With Minimum Viable Security
Learn the benefits of implementing a minimum viable security strategy and get some clear next steps on putting it into practice at your organization.
Blog
Not So Fast — Mind QR Code Risks, Or Get Ready For Damage Control
In December 2022, a scammer in California worked up fake parking tickets with QR codes on them, directing citizens to a phishing site collecting payment card information — just one of many such recent QR code-related scams. Though QR code use surged in popularity during the COVID-19 pandemic because of customer desire for touchless interactions, QR-code risk management is not maturing at the same rate as adoption.
Blog
DevOps Theme Team: 2022 In Review And Looking Ahead To 2023
Happy holidays from the DevOps theme team! Our merry band of Forrester analysts covering enterprise architecture, infrastructure, application development, application security, and technology strategy meets periodically to share research, debate trends, and dive into breaking news. What are a few of the trends and themes that have caught our attention this year? Let’s dive in […]
Blog
Turn Away The Bots, Not Your Customers
Bot management solutions today offer a wide array of options. To know the right choice for your retail organization, know your customers.
Blog
In The Mature WAF Market, Product Offerings Continue To Expand
At first glance, the web application firewall (WAF) market — populated by longtime vendors with robust partner programs, extensive supporting services, and a slew of customer engagement opportunities — may seem like a space that has topped out. However, changes in how organizations develop and deploy applications — more hybrid cloud, more APIs, more […]
Blog
To Drive Trust, Minimum Viable Product Needs Minimum Viable Security
What does minimum viable product planning have to do with security and customer trust? Find out in this preview of our upcoming Security & Risk North America event.
Blog
PerimeterX Keeps It HUMAN
In a stunner this morning, HUMAN announced that it would merge with bot management rival PerimeterX (keeping the HUMAN name for the combined company). While we have seen some web application firewall (WAF) vendors acquire bot management capabilities (F5 and Shape, Imperva and Distil), seeing two bot management vendors join forces may raise some eyebrows. […]
Blog
NIST PQ: “Lattice” Pick A Winner
Last week, we wondered if early reports indicating that NIST would announce the winners of its post-quantum cryptography competition would come to fruition anytime soon. Happily, they have. After an evaluation process that began with a call for nominations in 2016 and culled dozens of potential post-quantum (PQ) cryptographic algorithms down to seven finalists and […]
Blog
The Interminable Wait: The NIST Post-Quantum Competition
While we wait to learn the winners, here's a bit of history.
Blog
The Secure Everywhere Movement Is Here: Are You On Board?
Attacks on software supply chains are increasing. But so are awareness and spending on security.
Blog
In A Multicloud World, Web Application Firewalls Still Matter
The web application firewall market has evolved. Read this quick overview of the landscape.
Blog
Bot Management Vendors Show Progress On Diversity, Equity, And Inclusion
As previous Forrester research has shown, gender bias remains an urgent concern in cybersecurity, and issues around diversity, equity, and inclusion go far beyond gender. In the bot management world, where end users historically struggled with CAPTCHAs and other challenges that didn’t always support visual and physical impairments, having diverse voices in the room can […]