Cybersecurity Trends
Stay up-to-date on the cutting edge of cybersecurity with insights on Zero Trust, vendors, regulations, and other privacy & security topics.
Insights
Blog
Create A Cross-Functional Q-Day Team Or Suffer A Hard Day’s Night
Quantum security requirements will hit parts of the organization that you both did and did not expect, from the security team looking to upgrade its public key infrastructure (PKI) to the development team making sure that upcoming releases are quantum-safe to the infrastructure team looking at hardware refreshes and legacy internet-of-things (IoT) devices. To build out a […]
Blog
When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise
The detailed writeup from cybersecurity vendor Rapid7 about the Notepad++ compromise gives CISOs a clear demonstration of how a single failure in the distribution process for a widely used utility can become an enterprise-scale software supply chain event. Developers, analysts, automation engineers, researchers, IT operators, and security teams use this editor as part of their […]
AI Isn’t A Hardware Contest — It’s A Human Test
Most orgs get less than 50% ROI on AI. See how people, skills, operating models, and culture — not more tech — unlock the value your AI investments are missing.
Blog
Think Hardware Security Modules Aren’t Exciting? Think Post-Quantum Migration!
Hardware security modules (HSMs) are a key foundational security component of public key infrastructure. HSMs hold the crown-jewel keys for encryption and digital signatures and perform encryption and decryption operations on protected data and payment information. While HSMs have been in use for decades, they now play an oversized role in migrating to post-quantum security […]
Blog
Weaponized Insiders Can Result In Big Consequences
The US Department of the Treasury recently announced that it is canceling all of its contracts, reportedly valued at $21 million, with technology provider Booz Allen Hamilton (BAH) due to an insider incident that occurred between 2018 and 2020. The incident resulted in the theft of tax return data for more than 400,000 US taxpayers and the release of tax information about high-net-worth […]
Blog
Ready For Moltbot To Crack Its Shell And Spill Into Your Environment?
A formidable challenge awaits security leaders as personal tools like Moltbot spread. AI butlers are the next shadow super-user.
Blog
Mastering An Effective Executive Tabletop Exercise: Deriving Maximum Value And Impact
So you’ve decided to run an executive tabletop exercise (TTX) and pulled off the Herculean feat of getting it scheduled. Will this be a career-limiting move or career highlight? Let’s go for the latter. Done right, a good TTX will drive tremendous value for the company and garner you accolades. I have yet to do […]
Blog
CrowdStrike’s Planned Acquisition Of Seraphic Highlights The Need To Address Endpoint Risks
CrowdStrike’s move to acquire Seraphic spotlights a growing blind spot in cybersecurity: The browser has quietly become one of the riskiest — and least protected — endpoints in the enterprise. This blog reveals why legacy EDR, XDR, and network tools can’t see what’s really happening inside the browser and how Seraphic’s unique JSE‑based approach could change the game for data protection and threat detection.
Predictions 2026: Your Planning Starts Here
2026 will demand proof, not promises. Explore Forrester’s Predictions resources — guides, webinars, and blogs — to plan smarter, lead with trust, and stay ahead of disruption.
Blog
My Tips For Crushing Your Analyst Briefings And Wowing The Analyst
Former Forrester analyst Josh Zelonis blogged about how to deliver successful vendor briefings years ago. I’m updating his blog with my own thoughts as a “recovering marketer,” Forrester analyst, and research director. This blog is a collection of my top tips for briefing analysts, with contributions from other security and risk analysts.
Podcast
SolarWinds’ Lessons For CISOs, AI In B2B Sales, Shopping In Answer Engines
The holiday season is in full swing, and as retailers vie for consumer dollars, some of the biggest ones are branching out to answer engines like ChatGPT and Perplexity. In this episode, we describe what that experience looks like now and what brands should do in response. We also look at the lasting implications of a high-profile legal case for CISOs and the state of AI in B2B sales.
Blog
MITRE ATT&CK Evaluations Return: More Coverage, More Nuance
There were many big changes in this latest round. Read our breakdown and what we learned.
Blog
Tidings Of Comfort And Trust: Holiday-Season Security That Bolsters Your Brand
Make safe, reliable digital experiences as part of the value you deliver — and help keep customers coming back yearround.
Blog
Updating Our Security Champions Research To Expand And Strengthen Security
A strong security culture is the foundation of an effective security program. That’s why we’re revisiting essential research that explores how to build a security champions network, examining how security champion networks can help scale influence, embed security into everyday decisions, and foster trust across the business.
2026 APAC Predictions: The Blind Spots You Can’t Afford to Miss
Missed the live reveal? The blind spots haven’t gone anywhere. Watch the webinar replay to uncover what APAC tech and security leaders didn’t see coming — and why your 2026 roadmap may need a reset.
Blog
Insider Incidents Can Happen To Anyone
Managing insider risk requires steadfast focus, documenting policies, and following defined processes. Follow these four steps laid out in Forrester’s “Best Practices: Insider Risk Management” report to reduce insider risk.
Blog
AI Vendor Threat Research And Cybersecurity’s Cynicism Problem
For years, the security community decried the lack of transparency in public breach disclosure and communication. But when AI vendors break with old norms and publish how attackers exploit their platforms, that same community’s reaction is split. Some are treating this intelligence as a learning opportunity. Others are dismissing it as marketing noise. Unfortunately, some […]
Blog
SAFE Acquires Balbix
Cyber risk quantification (CRQ) vendor SAFE announced that it acquired unified vulnerability management vendor Balbix. The acquisition helps SAFE grow its proactive security platform. Proactive security platforms support all three principles of proactive security: visibility, prioritization, and remediation. Balbix ingests data from other vulnerability sources for visibility, prioritizes high-risk vulnerability and misconfigurations, and helps orchestrate […]
Blog
Anthropic Catches Attackers Using Agents In The Act
On November 13, AI vendor Anthropic published details about the disruption of what it characterized as an AI-led cyber espionage operation. Learn what is in Anthropic's report and get tips on how to protect against future AI-enabled attacks.
Blog
Remove Ambiguity: Measure Human Risk Management Metrics That Matter
Our latest research — Five Steps To Better Human Risk Management Metrics and The Essential List Of Human Risk Management Metrics — provides security leaders the clarity they need to measure what truly matters. I see this not as just another comprehensive metrics framework (though it is that!) — I also see it as a foundation for turning human risk management from a conversation into a movement.
Blog
Secure Vibe Coding: I’ve Done It Myself, And It’s A Paradigm, Not A Paradox
“There’s a new kind of coding I call ‘vibe coding,’ where you fully give in to the vibes, embrace exponentials, and forget that the code even exists,” said Andrej Karpathy in a post on X (formerly Twitter) back in February.
Blog
Gold Rush Or Fool’s Gold? How To Evaluate Security Tools’ Generative AI Claims
Generative AI features and products for security are gaining significant traction in the market. Knowing how to evaluate them, however, remains a mystery. What makes a good AI feature? How do we know if the AI is effective or not? These are just some of the questions I receive on a regular basis from Forrester […]
Blog
Fix Your GRC Blind Spots: Risk Lessons From The Louvre
The Louvre heist is a mirror for today’s governance, risk, and compliance gaps. Recognizing these blind spots can transform your enterprise risk efforts from decorative to defensive art. Find out how.
More posts