Allie Mellen
@hackerxbella.bsky.social
Principal analyst @Forrester bringing cyberattacks into the context of today's biggest global events
infosec, opinionated human
https://hackerxbella.substack.com/
infosec, opinionated human
https://hackerxbella.substack.com/
great piece in ITBrew by Billy Hurley, looking back a year later - www.itbrew.com/stories/2025...
How did CrowdStrike’s outage impact IT teams?
The impacts of last year’s CrowdStrike disruption from IT pros who experienced it.
www.itbrew.com
November 12, 2025 at 1:58 PM
great piece in ITBrew by Billy Hurley, looking back a year later - www.itbrew.com/stories/2025...
Sometimes, GenAI features are useful. Others are useless, and worse, sometimes just wrong. 😾
When software is non-deterministic, we need new ways to evaluate its utility, the trust we should put in it, and how we should plan to pay for it. Read more:
www.forrester.com/blogs/gold-r...
When software is non-deterministic, we need new ways to evaluate its utility, the trust we should put in it, and how we should plan to pay for it. Read more:
www.forrester.com/blogs/gold-r...
Gold Rush Or Fool’s Gold? How To Evaluate Security Tools’ Generative AI Claims
Generative AI features and products for security are gaining significant traction in the market. Knowing how to evaluate them, however, remains a mystery. What makes a good AI feature? How do we know ...
www.forrester.com
October 27, 2025 at 3:43 PM
Sometimes, GenAI features are useful. Others are useless, and worse, sometimes just wrong. 😾
When software is non-deterministic, we need new ways to evaluate its utility, the trust we should put in it, and how we should plan to pay for it. Read more:
www.forrester.com/blogs/gold-r...
When software is non-deterministic, we need new ways to evaluate its utility, the trust we should put in it, and how we should plan to pay for it. Read more:
www.forrester.com/blogs/gold-r...
Reposted by Allie Mellen
Super weird framing by the Secret Service. They found a SIM card farm, which is typically used by criminals to anonymously send calls and texts. They issued a press release claiming "it could have shut down the entire NY cell network during the UN general assembly" which is some serious FUD.
September 23, 2025 at 3:13 PM
Super weird framing by the Secret Service. They found a SIM card farm, which is typically used by criminals to anonymously send calls and texts. They issued a press release claiming "it could have shut down the entire NY cell network during the UN general assembly" which is some serious FUD.
There are big differences between invoking AI in an application, building an AI agent, and building an agentic system.
These terms are being conflated, and it’s confusing the market at a time when we ALL need to understand this stuff. Read our explainer:
www.forrester.com/blogs/your-t...
These terms are being conflated, and it’s confusing the market at a time when we ALL need to understand this stuff. Read our explainer:
www.forrester.com/blogs/your-t...
www.forrester.com
September 23, 2025 at 4:31 PM
There are big differences between invoking AI in an application, building an AI agent, and building an agentic system.
These terms are being conflated, and it’s confusing the market at a time when we ALL need to understand this stuff. Read our explainer:
www.forrester.com/blogs/your-t...
These terms are being conflated, and it’s confusing the market at a time when we ALL need to understand this stuff. Read our explainer:
www.forrester.com/blogs/your-t...
💥 SURVEY REMINDER: If you have not filled out our research survey on how generative AI is and will be used in security tools, PLEASE DO SO!! 💥
Deadline is THIS FRIDAY!!
forrester.co1.qualtrics.com/jfe/form/SV_...
Deadline is THIS FRIDAY!!
forrester.co1.qualtrics.com/jfe/form/SV_...
Qualtrics Survey | Qualtrics Experience Management
The most powerful, simple and trusted way to gather experience data. Start your journey to experience management and try a free account today.
forrester.co1.qualtrics.com
August 25, 2025 at 5:46 PM
💥 SURVEY REMINDER: If you have not filled out our research survey on how generative AI is and will be used in security tools, PLEASE DO SO!! 💥
Deadline is THIS FRIDAY!!
forrester.co1.qualtrics.com/jfe/form/SV_...
Deadline is THIS FRIDAY!!
forrester.co1.qualtrics.com/jfe/form/SV_...
Reposted by Allie Mellen
New: Workday disclosed a data breach affecting a third-party customer database, likely Salesforce.
Workday hasn't explicitly ruled out a breach of customer info, but says the data includes contact information.
(FYI, Workday has hidden its breach notice from search engines using "noindex" code.)
Workday hasn't explicitly ruled out a breach of customer info, but says the data includes contact information.
(FYI, Workday has hidden its breach notice from search engines using "noindex" code.)
HR giant Workday says hackers stole personal data in recent breach | TechCrunch
The HR tech giant said it had no indication of any unauthorized access to customer systems, but has not ruled out a breach affecting customers' personal information.
techcrunch.com
August 18, 2025 at 1:10 PM
New: Workday disclosed a data breach affecting a third-party customer database, likely Salesforce.
Workday hasn't explicitly ruled out a breach of customer info, but says the data includes contact information.
(FYI, Workday has hidden its breach notice from search engines using "noindex" code.)
Workday hasn't explicitly ruled out a breach of customer info, but says the data includes contact information.
(FYI, Workday has hidden its breach notice from search engines using "noindex" code.)
🚨HELP our latest Generative AI in security tools research! 🚨
VENDORS, complete this survey!
PRACTITIONERS, if you are building genAI tools for your team or using them and want to tell us about it, message me!
forrester.co1.qualtrics.com/jfe/form/SV_bQ…
VENDORS, complete this survey!
PRACTITIONERS, if you are building genAI tools for your team or using them and want to tell us about it, message me!
forrester.co1.qualtrics.com/jfe/form/SV_bQ…
https://forrester.co1.qualtrics.com/jfe/form/SV_bQ…
August 18, 2025 at 2:26 PM
🚨HELP our latest Generative AI in security tools research! 🚨
VENDORS, complete this survey!
PRACTITIONERS, if you are building genAI tools for your team or using them and want to tell us about it, message me!
forrester.co1.qualtrics.com/jfe/form/SV_bQ…
VENDORS, complete this survey!
PRACTITIONERS, if you are building genAI tools for your team or using them and want to tell us about it, message me!
forrester.co1.qualtrics.com/jfe/form/SV_bQ…
Just had another great conversation with @cloudsecuritypod.bsky.social !! Stay tuned for when it drops
August 7, 2025 at 6:27 PM
Just had another great conversation with @cloudsecuritypod.bsky.social !! Stay tuned for when it drops
@microsoft.com announced two new features in Sentinel today.
1) Data Lake for low-cost, long-term storage to help manage Sentinel costs
2) MDTI will be included in Sentinel and Defender XDR at no additional cost later this year
Read more - www.forrester.com/blogs/drowni...
1) Data Lake for low-cost, long-term storage to help manage Sentinel costs
2) MDTI will be included in Sentinel and Defender XDR at no additional cost later this year
Read more - www.forrester.com/blogs/drowni...
Drowning In Security Data Costs? You Get A Data Lake
Get tips on how data lakes can help manage growing data costs in the security information and event management (SIEM) system.
www.forrester.com
July 23, 2025 at 2:32 PM
@microsoft.com announced two new features in Sentinel today.
1) Data Lake for low-cost, long-term storage to help manage Sentinel costs
2) MDTI will be included in Sentinel and Defender XDR at no additional cost later this year
Read more - www.forrester.com/blogs/drowni...
1) Data Lake for low-cost, long-term storage to help manage Sentinel costs
2) MDTI will be included in Sentinel and Defender XDR at no additional cost later this year
Read more - www.forrester.com/blogs/drowni...
I'm very excited to announce that the Forrester Wave: Security Analytics Platforms 2025 is now LIVE! 💥 💥 💥
Read the blog (and the full report!) here: www.forrester.com/blogs/announ...
Read the blog (and the full report!) here: www.forrester.com/blogs/announ...
Announcing The Forrester Wave™: Security Analytics Platforms, 2025 – The SIEM Vs XDR Fight Intensifies
The Forrester Wave™: Security Analytics Platforms, Q2 2025 published today and illustrates the dramatic changes this market is undergoing as legacy SIEM vendors are locked in heated competition with s...
www.forrester.com
June 24, 2025 at 1:32 PM
I'm very excited to announce that the Forrester Wave: Security Analytics Platforms 2025 is now LIVE! 💥 💥 💥
Read the blog (and the full report!) here: www.forrester.com/blogs/announ...
Read the blog (and the full report!) here: www.forrester.com/blogs/announ...
Reposted by Allie Mellen
Is the SOC of the future autonomous?
That’s the question we tackled with Tines CEO Eoin Hinchy and guest speaker Forrester’s @hackerxbella.bsky.social in a recent webinar - and the discussion didn’t stop there.
Read our follow-up Q&A:
www.tines.com/blog/autonom...
That’s the question we tackled with Tines CEO Eoin Hinchy and guest speaker Forrester’s @hackerxbella.bsky.social in a recent webinar - and the discussion didn’t stop there.
Read our follow-up Q&A:
www.tines.com/blog/autonom...
Is the future of the SOC autonomous? A Q&A with Forrester's Allie Mellen | Tines
Allie Mellen, Principal Analyst at Forrester Research, answers follow-up questions on the future of SOC automation and the role of genAI.
www.tines.com
May 22, 2025 at 1:31 PM
Is the SOC of the future autonomous?
That’s the question we tackled with Tines CEO Eoin Hinchy and guest speaker Forrester’s @hackerxbella.bsky.social in a recent webinar - and the discussion didn’t stop there.
Read our follow-up Q&A:
www.tines.com/blog/autonom...
That’s the question we tackled with Tines CEO Eoin Hinchy and guest speaker Forrester’s @hackerxbella.bsky.social in a recent webinar - and the discussion didn’t stop there.
Read our follow-up Q&A:
www.tines.com/blog/autonom...
Today on the latest breach: the Florida bill failed to pass, but encryption is still under attack. Here's why we need to protect it (for your own privacy!):
open.substack.com/pub/hackerxb...
open.substack.com/pub/hackerxb...
Protecting your privacy goes hand in hand with protecting encryption
Don't willingly take the locks off your house.
open.substack.com
May 20, 2025 at 1:10 PM
Today on the latest breach: the Florida bill failed to pass, but encryption is still under attack. Here's why we need to protect it (for your own privacy!):
open.substack.com/pub/hackerxb...
open.substack.com/pub/hackerxb...
Reposted by Allie Mellen
@hackerxbella.bsky.social and I just published a new decision tool designed for security leaders and their teams to aid in the perpetual fight against ransomware. Check out our latest blog for more! www.forrester.com/blogs/dont-c...
Don’t Call It A Comeback: Stay Ready For Ransomware
According to Forrester’s 2024 Security Survey, 25% of CISOs cite preventing and protecting against ransomware as a top strategic priority for their organization. To do this, security leaders, their te...
www.forrester.com
April 23, 2025 at 2:13 AM
@hackerxbella.bsky.social and I just published a new decision tool designed for security leaders and their teams to aid in the perpetual fight against ransomware. Check out our latest blog for more! www.forrester.com/blogs/dont-c...
We just released our latest research: Top Cybersecurity Threats for 2025!
Read the blog and full report for more info on these threats and what to do about it: www.forrester.com/blogs/forres...
Read the blog and full report for more info on these threats and what to do about it: www.forrester.com/blogs/forres...
Forrester’s Top Threats For 2025
2025 started with a bang! Technology and geopolitics are changing faster than many can keep track. There’s an announcement of a new, benchmark-shattering generative AI seemingly every week. Planned jo...
www.forrester.com
April 16, 2025 at 5:05 PM
We just released our latest research: Top Cybersecurity Threats for 2025!
Read the blog and full report for more info on these threats and what to do about it: www.forrester.com/blogs/forres...
Read the blog and full report for more info on these threats and what to do about it: www.forrester.com/blogs/forres...
On The Latest Breach: stand up for other Americans. @thekrebscycle.bsky.social is not a bad faith actor, he's a patriot.
hackerxbella.substack.com/p/chris-kreb...
hackerxbella.substack.com/p/chris-kreb...
April 15, 2025 at 1:35 PM
On The Latest Breach: stand up for other Americans. @thekrebscycle.bsky.social is not a bad faith actor, he's a patriot.
hackerxbella.substack.com/p/chris-kreb...
hackerxbella.substack.com/p/chris-kreb...
Last week, I spoke at the C2 conf on genAI in security tools. 🤖
The themes of the event were timely and provoked interesting discussion: artificial intelligence, supply chain security, and cyber hygiene. Read my thoughts on each in my latest blog -
www.forrester.com/blogs/genera...
The themes of the event were timely and provoked interesting discussion: artificial intelligence, supply chain security, and cyber hygiene. Read my thoughts on each in my latest blog -
www.forrester.com/blogs/genera...
Generative AI Innovation In Security Tools Is Finally Getting Interesting
Last week, I spoke at the C2 conference in London. The C2 conference is an invite-only threat intelligence conference run by the team at SE Labs. The core themes of the event were timely and provoked ...
www.forrester.com
April 2, 2025 at 4:48 PM
Last week, I spoke at the C2 conf on genAI in security tools. 🤖
The themes of the event were timely and provoked interesting discussion: artificial intelligence, supply chain security, and cyber hygiene. Read my thoughts on each in my latest blog -
www.forrester.com/blogs/genera...
The themes of the event were timely and provoked interesting discussion: artificial intelligence, supply chain security, and cyber hygiene. Read my thoughts on each in my latest blog -
www.forrester.com/blogs/genera...
new latest breach is out! this week on attribution hackerxbella.substack.com/p/attributin...
Attributing cyberattacks to a specific actor is harder than it looks
Patience is a virtue and can prevent an international incident
hackerxbella.substack.com
March 18, 2025 at 12:56 PM
new latest breach is out! this week on attribution hackerxbella.substack.com/p/attributin...
Reposted by Allie Mellen
Security tools claim high detection rates, but what’s the real cost? Let's unpack the latest @attack.mitre.org Evaluations, why alert volume matters, and how detection engineering improves security outcomes.
🎧 youtu.be/tE1SFwo_jEw
#Cybersecurity #MITREATTACK #SecurityOps @hackerxbella.bsky.social
🎧 youtu.be/tE1SFwo_jEw
#Cybersecurity #MITREATTACK #SecurityOps @hackerxbella.bsky.social
Teaser: The Cybersecurity Exodus Problem
YouTube video by ITSPmagazine
youtu.be
March 17, 2025 at 3:22 PM
Security tools claim high detection rates, but what’s the real cost? Let's unpack the latest @attack.mitre.org Evaluations, why alert volume matters, and how detection engineering improves security outcomes.
🎧 youtu.be/tE1SFwo_jEw
#Cybersecurity #MITREATTACK #SecurityOps @hackerxbella.bsky.social
🎧 youtu.be/tE1SFwo_jEw
#Cybersecurity #MITREATTACK #SecurityOps @hackerxbella.bsky.social
The Blob strikes again! The latest cybersecurity buzzword? Agentic AI 🤖
Read how @forrester defines agentic AI and how it will apply to security teams here:
www.forrester.com/blogs/cybers...
Read how @forrester defines agentic AI and how it will apply to security teams here:
www.forrester.com/blogs/cybers...
Cybersecurity’s Latest Buzzword Has Arrived: What Agentic AI Is And Isn’t
Cybersecurity vendors have come out of the woodwork in the past few months to announce their “agentic AI” innovations. These include vendors like Swimlane, ReliaQuest, Dropzone AI, Intezer, and others...
www.forrester.com
March 12, 2025 at 2:19 PM
The Blob strikes again! The latest cybersecurity buzzword? Agentic AI 🤖
Read how @forrester defines agentic AI and how it will apply to security teams here:
www.forrester.com/blogs/cybers...
Read how @forrester defines agentic AI and how it will apply to security teams here:
www.forrester.com/blogs/cybers...
A new The Latest Breach is live, and today we tackle the changes at the VA and its impact on cybersecurity hackerxbella.substack.com/p/veterans-a...
Veterans are some of the most valuable cybersecurity talent
and that pipeline is going to dwindle more than it ever has
hackerxbella.substack.com
March 11, 2025 at 1:04 PM
A new The Latest Breach is live, and today we tackle the changes at the VA and its impact on cybersecurity hackerxbella.substack.com/p/veterans-a...
Reposted by Allie Mellen
📣 💥 📣 CALLING SOC ANALYSTS, INCIDENT RESPONDERS, DETECTION ENGINEERS! 📣 💥 📣 We want to hear from YOU!
We are researching Analyst Experience to see what is working and not working in the SOC. PLEASE take 10 min to fill out the survey so we can improve it!
forrester.co1.qualtrics.com/jfe/form/SV_...
We are researching Analyst Experience to see what is working and not working in the SOC. PLEASE take 10 min to fill out the survey so we can improve it!
forrester.co1.qualtrics.com/jfe/form/SV_...
Qualtrics Survey | Qualtrics Experience Management
The most powerful, simple and trusted way to gather experience data. Start your journey to experience management and try a free account today.
forrester.co1.qualtrics.com
March 5, 2025 at 4:07 PM
📣 💥 📣 CALLING SOC ANALYSTS, INCIDENT RESPONDERS, DETECTION ENGINEERS! 📣 💥 📣 We want to hear from YOU!
We are researching Analyst Experience to see what is working and not working in the SOC. PLEASE take 10 min to fill out the survey so we can improve it!
forrester.co1.qualtrics.com/jfe/form/SV_...
We are researching Analyst Experience to see what is working and not working in the SOC. PLEASE take 10 min to fill out the survey so we can improve it!
forrester.co1.qualtrics.com/jfe/form/SV_...
📣 💥 📣 CALLING SOC ANALYSTS, INCIDENT RESPONDERS, DETECTION ENGINEERS! 📣 💥 📣 We want to hear from YOU!
We are researching Analyst Experience to see what is working and not working in the SOC. PLEASE take 10 min to fill out the survey so we can improve it!
forrester.co1.qualtrics.com/jfe/form/SV_...
We are researching Analyst Experience to see what is working and not working in the SOC. PLEASE take 10 min to fill out the survey so we can improve it!
forrester.co1.qualtrics.com/jfe/form/SV_...
Qualtrics Survey | Qualtrics Experience Management
The most powerful, simple and trusted way to gather experience data. Start your journey to experience management and try a free account today.
forrester.co1.qualtrics.com
March 5, 2025 at 4:07 PM
📣 💥 📣 CALLING SOC ANALYSTS, INCIDENT RESPONDERS, DETECTION ENGINEERS! 📣 💥 📣 We want to hear from YOU!
We are researching Analyst Experience to see what is working and not working in the SOC. PLEASE take 10 min to fill out the survey so we can improve it!
forrester.co1.qualtrics.com/jfe/form/SV_...
We are researching Analyst Experience to see what is working and not working in the SOC. PLEASE take 10 min to fill out the survey so we can improve it!
forrester.co1.qualtrics.com/jfe/form/SV_...
Hobbling US Cyber Command unduly sacrifices national security. Read more from The Latest Breach here:
open.substack.com/pub/hackerxb...
open.substack.com/pub/hackerxb...
Pausing offensive cyber operations against Russia endangers American lives
Much of the US military operates under joint operations, which integrate personnel from multiple branches for various goals to make sure the military apparatus is maximally aligned, coordinated, and e...
open.substack.com
March 4, 2025 at 3:08 PM
Hobbling US Cyber Command unduly sacrifices national security. Read more from The Latest Breach here:
open.substack.com/pub/hackerxb...
open.substack.com/pub/hackerxb...
Last month I attended the AV-Comparatives conference and spoke on how I leverage 3rd party lab tests as part of my role as an industry analyst. See the blog for an overview of the event and how I use tests like these:
www.forrester.com/blogs/how-i-...
www.forrester.com/blogs/how-i-...
How I Apply Third-Party Lab Results In My Security Operations Research
Last week, I attended the AV Comparatives conference in Innsbruck, Austria. This conference brought together many cybersecurity vendors, particularly those with a European focus, as well as a few non-...
www.forrester.com
March 3, 2025 at 6:11 PM
Last month I attended the AV-Comparatives conference and spoke on how I leverage 3rd party lab tests as part of my role as an industry analyst. See the blog for an overview of the event and how I use tests like these:
www.forrester.com/blogs/how-i-...
www.forrester.com/blogs/how-i-...