Jess Burn
Principal Analyst

Author Insights
Blog
Overregulation Forges A CISO Coalition With The G7 Letter
A coalition of over 40 chief information security officers (CISOs) from leading companies, including Salesforce, Microsoft, AWS, Mastercard, and Siemens, sent a letter to the G7 and OECD, urging them to take action on aligning international cybersecurity regulations. This move signals a strategic shift: CISOs are no longer only responsible for internal controls but are […]
Blog
Don’t Call It A Comeback: Stay Ready For Ransomware
So far, 2025 is filled with … distractions for security leaders. Between scrambling to secure their organizations’ AI initiatives, staying on top of critical vulnerabilities (and the organizations delivering the CVE process), perpetually communicating and training to guard against human element breaches, and navigating yet another period of uncertainty and volatility, it’s tempting to take […]
Blog
MITRE-geddon Averted, But Fragility In CVE Processes Remains
This week, we saw the CVE process, as we know it, come hours from the brink of collapse when a memo started circulating on LinkedIn that DHS would cut funding to MITRE’s CVE cataloging on April 16. MITRE’s role in the CVE process is the crucial first step in assigning IDs to vulnerabilities so that practitioners, vendors, researchers, and governments across the globe can consistently reference the same vulnerability. The process also allows for responsible disclosures and accountability for vulnerabilities to software companies.
Blog
Government Leaders: Prioritize Cyber Efficiency Amid Federal Volatility
Government agencies at the federal, state, and local levels must prepare for a future where they experience uncertainty, headcount reductions, contract cancellations, and budget cuts. This is gut-wrenchingly difficult to process, yet remaining leaders must figure out how to move forward to serve the mission. For public sector cybersecurity leaders, this is even more paramount. […]
Blog
Top Recommendations For CISOs In 2025: Deal With Uncertainty … Again
The security landscape continues to evolve, as does global uncertainty, leaving CISOs preparing for turbulence ahead.
Blog
Choose Your Own MDR Adventure: Avoid The Free-For-All Of “New” MDR Services
Managed detection and response (MDR) — without a doubt — has successfully claimed the crown of all managed security services for making and keeping clients happy.
Blog
Breaking Down Human-Element Breaches To Improve Cybersecurity: FAQ
We are thrilled to announce our new research report, Deconstructing Human-Element Breaches, detailing the many and varied risks posed by and to humans — a problem that has plagued cybersecurity teams for decades. Forrester clients can use this research as a catalyst for productive conversations with executives and peers across functions about controls to mitigate the human-element breach types most common to their organizations and industries.
Blog
Highlights And Implications Of Biden’s Executive Order On Strengthening And Promoting Innovation In The Nation’s Cybersecurity
Forrester's security and risk research team breaks down the key highlights and implications of former US President Joe Biden’s 2025 Executive Order (EO) 14144 on strengthening security, improving accountability for software and cloud service providers, and promoting innovation, including use of emerging technologies.
Blog
Rose-Colored Glasses Hide All The Red Flags: Advice From The S&R Forrester Women’s Leadership Program
As has now become a Forrester Security & Risk Summit tradition, a room full of amazing women and a few brave fellas gathered last week as part of the Forrester Women’s Leadership Program to celebrate successes and solve for the many challenges that women face in this field. The theme? “To propel your career in security and risk, choose your advisers and nuggets of advice wisely.”
Blog
Protect Your Customers And Your Brand From Holiday-Fueled Phishing
As you increase your marketing message volume this holiday shopping season, so do the bad actors using generative AI tools to mimic your logo, language, and landing pages. Learn two things you can do to help reduce your exposure in this post.
Blog
Deconstruct Human-Element Breaches To Protect Your Workforce
Risks posed by and to humans such as deepfakes, data exfiltration by insiders, and misuse of generative AI are expected to accelerate and become more complex. Learn how to discern and manage these human-element risks in this preview of an upcoming report.
Blog
CrowdStrike Holds Its Fal.Con Conference As It Tries To Move On From July 19
Here are the top things you need to know coming out of CrowdStrike's recently held Fal.Con user conference, just two months after its config update took down 8.5 million Windows endpoints.
Blog
Falcon Fallout: What’s Next For CrowdStrike, Competitors, And CISOs
The July 19 CrowdStrike Falcon outage created major trust issues for the company and the broader security market. What's next for CrowdStrike? Find out as we make several predictions on where the company will go next.
Blog
Don’t Wait For A Crisis To Act
CrowdStrike's recent global incident underscores businesses' need to have robust crisis communication plans in place before a crisis occurs.
Blog
CrowdStrike Global Outage: Critical Next Steps For Tech And Security Leaders
Technology leaders woke up this morning to find that a software update by cybersecurity vendor CrowdStrike had gone badly wrong. Get updates on the steps that your organization should take now and in the long term as a result of the CrowdStrike outage.
Blog
Never “Too Small For Cybercriminals”: One Town’s Cautionary Tale
In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.
Blog
Announcing The Forrester Wave™: Cybersecurity Incident Response Services, Q2 2024
Choosing the right cybersecurity incident response services provider comes down to three things. Learn what they are and get a preview of our new Wave report in this blog.
Blog
What We Can Learn From 2023’s Most Notable Breaches
Cybersecurity breaches continued to rise in 2023. Learn the eight most common incident types and get four key takeaways from our new report.
Blog
The State Of Cybersecurity Innovation: RSA Conference 2024
RSAC gives security startups two structured opportunities to distinguish themselves, and Forrester always finds it revealing to see which startups make the cut.
Blog
Forrester’s RSAC 2024 Themes, Takeaways, And Observations
More than 41,000 attendees, 600 exhibitors, and 425 sessions. Get some of the key themes and takeaways from the Forrester security & risk analysts who attended RSA Conference (RSAC) 2024.