Sandy Carielli

Principal Analyst

Forrester Bio

Author Insights

Blog

Rose-Colored Glasses Hide All The Red Flags: Advice From The S&R Forrester Women’s Leadership Program

Jinan Budge 2 days ago
As has now become a Forrester Security & Risk Summit tradition, a room full of amazing women and a few brave fellas gathered last week as part of Forrester Women’s Leadership Program to celebrate the successes, and solve for the many challenges women face in this field.  The theme? “To Propel You Career In Security & Risk, Choose Your Advisers And Nuggets Of Advice Wisely.”  
Blog

Retailers: Adopt Three Application Security Technologies Now

Sandy Carielli October 29, 2024
Three application security technologies are key for retailers to adopt before the holiday season.
Blog

Let’s Debunk Some Application Threat Modeling Myths!

Sandy Carielli September 30, 2024
Application threat modeling has gotten a bad rap over the years but security leaders need to get over the myths and implement it. Learn three of the most common misconceptions around application threat modeling in this preview of a new report and session at our upcoming Security & Risk Summit.
Blog

The Shakedown From Black Hat USA, 2024

Sandy Carielli August 14, 2024
What happens when five security analysts gather at a security conference in Las Vegas? Stuff gets broke. Find out more in this review of the recent BlackHat USA event.
Blog

Not Even Banana Ball Is Immune To Bad Bots

Sandy Carielli July 1, 2024
What do the Savannah Bananas have to do with our new report on bot management and operators? Find out in this blog.
Blog

Never “Too Small For Cybercriminals”: One Town’s Cautionary Tale

Jess Burn June 25, 2024
In a world of Scattered Spiders and Midnight Blizzards and UNC2452s, why is Arlington’s BEC important? Because it’s happening all the time to towns, municipalities, regional health systems, and small businesses lacking the resources to prepare for such an event.
Blog

Fortinet Acquires Lacework

Andras Cser June 12, 2024
After a previous sale fell through, Fortinet has announced the acquisition of Lacework for an undisclosed amount, catching some customers by surprise. Get a detailed analysis of the deal including side-by-side product comparisons in this post.
Blog

Ludicrous Speed — Because Light Speed Is Too Slow To Secure Your Apps

Janet Worthington June 7, 2024
Code is being released at ludicrous speed today. But without appsec, that code has the potential to introduce significant risk. Learn some of the key trends and benefits to DevSecOps in this post.
Blog

High-Performance-IT: Sicherheitsverantwortliche treten dem Chat bei

Sandy Carielli 22 April 2024
Sie haben von High-Performance-IT gehört. Erfahren Sie jetzt, wie der CISO und die Sicherheitsorganisation in dieses neue Technologiemodell passen.
Blog

What To Know: A Retrospective Of 2023’s Top Breaches And Fines

Sandy Carielli February 28, 2024
After a retrospective review of the largest publicly reported breaches and privacy violations in 2023, here's what you need to know for 2024.
Blog

High-Performance IT: Security Enters The Chat

Sandy Carielli February 8, 2024
You've heard about high-performance IT. Now learn how the CISO and the security organization fits into this new technology model.
Blog

Are Your Bot Management Tools Up To Date For Handling The Holiday Season?

Sandy Carielli October 25, 2023
Learn why you need to meet with your bot management provider now to handle the holiday season.
Blog

Your Product Security Approach Must Evolve With Your Organization’s Technology Strategy

Sandy Carielli September 11, 2023
Learn how specific investment choices can support your security organization’s evolution and maturity.
Blog

Thales To Acquire Imperva: Building This Dream House Won’t Be Easy

Heidi Shey July 25, 2023
Thales announced its agreement to acquire Imperva from private equity firm Thoma Bravo for $3.6 billion, expecting to add $500 million of revenue and expand its data and application security offerings as a result. The overall cybersecurity portfolio will then be structured across three key areas: identity (Thales), data security (Thales and Imperva), and application […]
Blog

To Secure Kubernetes, Think Beyond Kubernetes

Sandy Carielli June 22, 2023
Kubernetes is the de facto standard for deploying and managing application workloads and containers. Lee has written quite a bit about the power of Kubernetes as an innovation platform, but while development and architecture teams are bullish on Kubernetes, security teams can find themselves scrambling to secure Kubernetes environments as they hurtle toward production. The […]
Blog

The CNAPP Product Category is Getting Crowded With Capabilities

Andras Cser May 30, 2023
Learn four key reasons why the packaging of cloud-native application protection platforms into a bundle is unnecessary and possibly even misleading.
Blog

Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox

Allie Mellen May 2, 2023
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.
Blog

Avoid A Bot Waterloo

Sandy Carielli March 16, 2023
I don’t follow the Eurovision Song Contest closely, but I know that ABBA famously won decades ago with “Waterloo” and that a few other contest winners — Celine Dion, Måneskin — have achieved global success afterwards. This year, though, an article about Eurovision got my attention. It seems that tickets to the live Eurovision performances […]
Blog

Product Management And Security Collaboration Benefits More Than Product Security

Sandy Carielli March 14, 2023
As part of Forrester’s research into securing what you sell, we have long advocated for security leaders to overlay their own activities with the rest of the product team and to engage in the product lifecycle before the product has even been defined. Last year, we reached out to product management decision-makers to learn more […]
Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
More posts