When A Hosting Provider Becomes A Hostile Provider: The Notepad++ Compromise The Notepad++ compromise shows how a hosting provider failure turns into a software supply chain attack. CISOs can learn how to assess their exposure, validate software integrity, and run targeted thr...

When a hosting provider turns hostile your software supply chain pays. The Notepad++ compromise shows how a single utility can quietly become an enterprise wide attack path. Check out our blog where we detail the Notepad++ compromise and what to do about it here: www.forrester.com/blogs/when-a...

How To Choose A Security Platform Without Getting Burned Not all security platforms are created equal. Get five tips on how to separate real platforms from glorified product bundles.

My coauthor @jessburn.bsky.social and I just released our work on security platforms. We don't attempt to articulate all the various products that comprise a platform. Instead, we focus on the components, outcomes, and benefits platforms bring. Give the blog a read: www.forrester.com/blogs/how-to...

Then, on Thursday April 24th at 2:20 PM Eastern I'll be leading a session at the SANS Cybersecurity Leadership Summit 2025 to help CISOs think about their security program as a profit center, not a cost center. This is a free event that you can register for here: www.sans.org/cyber-securi...

Don’t Call It A Comeback: Stay Ready For Ransomware According to Forrester’s 2024 Security Survey, 25% of CISOs cite preventing and protecting against ransomware as a top strategic priority for their organization. To do this, security leaders, their te...

@hackerxbella.bsky.social and I just published a new decision tool designed for security leaders and their teams to aid in the perpetual fight against ransomware. Check out our latest blog for more! www.forrester.com/blogs/dont-c...

Proud

Top Recommendations For CISOs In 2025: Deal With Uncertainty … Again The security landscape continues to evolve, as does global uncertainty, leaving CISOs preparing for turbulence ahead.

Our annual Top Recommendations For Your Security Program just published and guess what? CISOs are staring down yet another year of uncertainty that feels a little different from the status quo. Check out the latest blog from @jeffpollard2.bsky.social and me!
www.forrester.com/blogs/top-re...

Choose Your Own MDR Adventure: Avoid The Free-For-All Of “New” MDR Services Managed detection and response (MDR) has successfully claimed the crown of all managed security services for making and keeping clients happy.

In pursuit of sustaining their success, MDR providers now offer a wild mix of services that sometimes make MDR better and other times just satisfy investors chasing growth. For more read what @jessburn.bsky.social and I just released: www.forrester.com/blogs/choose...

Breaking Down Human-Element Breaches To Improve Cybersecurity: FAQ We are thrilled to announce our research, Deconstructing Human Element Breaches, detailing the many and varied risks posed by and to humans — a problem that has plagued cybersecurity teams for decades...

What do you think of when you think of human element breaches? A member of your workforce who entered credentials into a spoofed online form? An unlocked laptop at a coffee shop? A malicious insider? Check out our blog highlighting new research: www.forrester.com/blogs/breaki...

Protect Your Customers And Your Brand From Holiday-Fueled Phishing As you increase your marketing message volume to consumers, so do those bad actors – and they’re taking advantage of generative AI tools to mimic your logo, language, and landing pages more accurately...

Happy Cyber Monday to all who celebrate! Be sure you're protecting your customers and your brand this holiday season. Check out my latest blog AND come see me next week at the Forrester S&R Summit for my workshop on protecting your workforce from social engineering. www.forrester.com/blogs/protec...