Jeff Pollard

Forrester AEGIS: The New Standard For AI Governance Explore Forrester’s AEGIS AI governance crosswalk mapping NIST AI RMF, ISO 42001, EU AI Act, OWASP, and MITRE so CISOs can prioritize high‑yield controls.

AI governance just got easier. Forrester’s AEGIS Framework crosswalks NIST, ISO 42001, EU AI Act, OWASP, and MITRE. This gives CISOs a clear path to trust and governance for AI. Forrester AEGIS: The New Standard For AI Governance here: www.forrester.com/blogs/forres...

How To Build AI Red Teams That Actually Work AI red teaming blends offensive testing and safety checks to uncover risks in models, apps, and infrastructure.

AI red teaming should be more than prompt bombing clever prompts. But today's AI red team market is a mix of products, services, and hybrid approaches that can befuddle...everyone. Here's How To Build AI Red Teams That Actually Work here: www.forrester.com/blogs/how-to...

Securing AI's M&A Feeding Frenzy Is On Explore how recent cybersecurity acquisitions are transforming AI security. Learn what CISOs must do to manage enterprise risk, vendor consolidation, and new threats like prompt injection.

$2.0+ billion dollars, 8 vendors, 8 acquisitions in 18 months. There’s a securing AI feeding frenzy happening in cybersecurity that is reshaping vendor platforms.Give this a read to find out why it matters and what it means: www.forrester.com/blogs/securi...

Vibe Hacking And No-Code Ransomware: AI’s Dark Side Is Here AI is no longer just a tool for defenders; it’s now a weapon in the hands of cybercriminals.

Vibe Hacking And No-Code Ransomware: AI’s Dark Side Is Here: Anthropic’s August 2025 Threat Intel Report is one of the most fun reads of the year. We summarize some of the key elements and offer CISOs advice on what to do about it here: www.forrester.com/blogs/vibe-h...

MCP Doesn’t Stand For Many Critical Problems…But Maybe It Should For CISOs MCP and A2A protocols power agentic AI but introduce major security risks. Learn what CISOs need to know to secure autonomous systems.

MCP Doesn’t Stand For Many Critical Problems…But Maybe It Should For CISOs www.forrester.com/blogs/mcp-do...

How To Choose A Security Platform Without Getting Burned Not all security platforms are created equal. Get five tips on how to separate real platforms from glorified product bundles.

My coauthor @jessburn.bsky.social and I just released our work on security platforms. We don't attempt to articulate all the various products that comprise a platform. Instead, we focus on the components, outcomes, and benefits platforms bring. Give the blog a read: www.forrester.com/blogs/how-to...

Zscaler Snatches Up Red Canary: The Good, The Bad, And The Concerning Zscaler acquires Red Canary, bringing MDR and Zero Trust together. Check out Forrester's analysis of the good, the bad, and the concerning.

Zscaler announces its intent to acquire Red Canary. SSE meets MDR in a platform play.

The Good: Visibility boost
The bad: Integration unknowns
The concerning: Culture clash?
Check out the full blog from us here: bit.ly/44Z9vYC

Then, on Thursday April 24th at 2:20 PM Eastern I'll be leading a session at the SANS Cybersecurity Leadership Summit 2025 to help CISOs think about their security program as a profit center, not a cost center. This is a free event that you can register for here: www.sans.org/cyber-securi...

Action packed week in webinars! In just a few minutes Merritt Maxim, Alla Valente, and I will be delivering a webinar on "Leading Through Volatility" for security leaders. Forrester clients can register here: www.forrester.com/webinar/Lead...

RSAC 2025 Early-Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More As we put together our game plan for what to see at RSA Conference 2025, we want to scope out innovation. Here's trends to know going in.

RSAC Launch Pad and Innovation Sandbox represent two major chances for new vendors to show where our industry is headed. Heidi Shey and I give you a glimpse here: RSAC 2025 Early-Stage Expo Preview: AppSec, IAM, GenAI, SecOps, And More www.forrester.com/blogs/rsac-2...

Announcing The Forrester Wave™: Managed Detection And Response Services, Q1 2025! The third installment of the Forrester Managed Detection and Response (MDR) Services Wave™ is now live. There’s so much to love about the MDR market: fantastic providers, engaged clients, and meaningf...

Finally there's a threepeat worth talking about in 2025...in this case it's me finishing and releasing the third and newest edition of the MDR Wave! Give the blog a read! Announcing The Forrester Wave™: Managed Detection And Response Services, Q1 2025! forrester.com/blogs/announ...

Choose Your Own MDR Adventure: Avoid The Free-For-All Of “New” MDR Services Managed detection and response (MDR) has successfully claimed the crown of all managed security services for making and keeping clients happy.

In pursuit of sustaining their success, MDR providers now offer a wild mix of services that sometimes make MDR better and other times just satisfy investors chasing growth. For more read what @jessburn.bsky.social and I just released: www.forrester.com/blogs/choose...