It’s December, the year is almost over, and most of us will be taking the next week off, so what better way to wrap up 2022 than with a review of some of our favorite security and risk (S&R) reports from this year? I teamed up with Senior Research Associate Alexis Tatro to highlight her favorite S&R research from 2022.

We’ll start by saying that we are biased, as this is a list of reports we worked on directly and does not reflect all of the Forrester S&R team. The rest of the team also published some amazing research this year, from Assess Your Security Program With Forrester’s Information Security Maturity Model to Guard Your Competitive Edge And Maintain Trust With Data Privacy And Security.

Each of these reports is aligned to Forrester’s Defend Against Cyberattacks And Emerging Threats priority, which Alexis supports. In no particular order (we have to point this out, since some of these analysts are a bit competitive), these five reports stood out this year:

  1. Role Profile: Security Analyst. In general, role profiles are great reports. They provide a job description for a role and help identify key responsibilities. But the security analyst role profile is a personal favorite, as this role is crucial in the security operations center (SOC). Security analysts are the backbone of the SOC and the first line of defense, so hiring the right person is key. Additionally, this report highlights the need to go beyond hiring for a specific degree and to focus on coachability and disposition instead.
  2. Everything You Need To Know About The 2021 MITRE Engenuity ATT&CK Evaluations. This report is a decision tool, so the whole goal is for it to be an interactive resource that aids in decision-making. While many vendors that participate in these annual evaluations try to claim that they “won,” MITRE Engenuity ATT&CK Evaluations don’t rank security tools — they give insight into how effectively they detect, protect, and provide context into malicious behavior. This report provides a deep dive into the plethora of JSON files to understand the evaluations and what the tools are capable of, making your life just a little bit easier.
  3. The Definition Of Modern Zero Trust. It’s been over a decade since Forrester first created the Zero Trust model of information security, and since then, marketing hype co-opted the term and created confusion and misunderstanding about the definition. This report was written to provide a clear, concise definition of Zero Trust in our modern world.
  4. Analyst Experience (AX): Security Analysts Finally Escape The Shackles Of Bad UX. This report serves as a model overview, which introduces a new way to approach a problem, and it does just that. Coining a new term, analyst experience (AX), this report highlights an emerging technology trend and how security pros can understand and focus on enabling AX to find more effective security tools, build better workflows, and help security analysts make faster, more accurate decisions.
  5. Comply With Federal Zero Trust Mandates. This report was a first for Forrester’s research, a deep dive into federal Zero Trust mandates. Zero Trust has evolved from a nice-to-have to a designated imperative for US federal government agencies. This report dives into the federal mandates and how they can serve as guidelines to align to Zero Trust, mature Zero Trust projects, and achieve compliance.

Honestly, it was hard to narrow down all the reports we worked on in 2022 to a list of five. We worked on a lot and published a ton of amazing research. It makes us excited to see what 2023 has in store for us as we work on research plans for next year.

So stay in touch, keep an eye on new reports, and have a safe and healthy holiday season and a happy, prosperous, and secure New Year! We can’t wait to share more.

(written with Alexis Tatro [Bouffard], senior research associate at Forrester)