Merritt Maxim

Cambridge

Vice President and Research Director at Forrester Research

VP & Research Director @forrester covering IAM @colgateuniv @MITSloan alum, I ski, bike & collect random facts. Big Lennie Briscoe fan. Views are my own

Featured in: Favicon

forrester.com Favicon

siliconrepublic.com Favicon

scmagazine.com Favicon

healthdatamanagement.com Favicon

cdotrends.com

Articles

Identiverse 2025 Recap: The Identity Trends Reshaping Your IAM Roadmap

1 week ago | forrester.com | Merritt Maxim

I recently attended Identiverse in Las Vegas. This was my first time back at Identiverse since conference founder Ping Identity sold the conference in 2021. As identity related initiatives continue to dominate Forrester’s clients’ top priorities and initiatives, I felt impelled to share my perspectives and insights. Here are my five major conclusions and recommendations for security leaders from the conference:Protecting non-human identities (NHI) is as critical as securing AI.
So There Won’t Be A Wiz IPO; What Does That Mean For Cyber IPOs In 2025?

2 months ago | forrester.com | Merritt Maxim |Allie Mellen |Joseph Blankenship

Last week’s mega deal of Google acquiring CNAPP provider Wiz for $32B has some lamenting the future of IPOs in the cybersecurity space. Wiz was on a high growth trajectory and given Wiz had previously rebuffed Google’s interest in summer of 2024, many assumed Wiz was on target for a 2025 IPO, the success of which was meant to serve as a bellwether for the overall health of cybersecurity market. With Wiz no longer an IPO candidate, has the momentum for cybersecurity IPOs stalled?
The Akira IoT device attacks aren’t just about THAT device

Mar 12, 2025 | forrester.com | Paddy Harrington |Jeff Pollard |Merritt Maxim

Protecting IoT devices is not easy. With few exceptions, you can’t take a traditional endpoint protection approach and install a local agent on the IoT device for protection. Proprietary OS/firmware in many cases precludes installing an endpoint. Even when the device runs embedded Linux or Windows Embedded OS, standard endpoint defensive measures aren’t available either as those are locked OS’s that require complicated processes to update.
Top Recommendations For CISOs In 2025: Deal With Uncertainty… Again

Mar 12, 2025 | forrester.com | Jeff Pollard |Allie Mellen |Merritt Maxim

The security landscape continues to evolve as does global uncertainty, leaving CISOs to prepare for turbulence ahead. Our latest report, Top Recommendations For Your Security Program, 2025, provides timely guidance for security leaders as they navigate another precarious year for their roles, programs, and organizations. We’ve included four of our twelve recommendations in this blog as a starter pack for what CISOs will deal with in 2025 and most importantly: what they should do about it.
Cybersecurity’s Latest Buzzword Has Arrived: What Agentic AI Is And Isn’t

Mar 12, 2025 | forrester.com | Allie Mellen |Merritt Maxim |Diego Giudice

Cybersecurity vendors have come out of the woodwork in the past few months to announce their “agentic AI” innovations. These include vendors like Swimlane, ReliaQuest, Dropzone AI, Intezer, and others.
Apple Aims To Make Transparency The Core Of Its Trust Strategy

Mar 12, 2025 | forrester.com | Martin Gill |Merritt Maxim |Diego Giudice

Co-authored with Enza Iannopollo, Principal AnalystWe made a call last week that Apple had created a trust issue in the UK, and possibly more widely, by breaking its commitment to protecting its users’ privacy by withdrawing ADP for UK users to comply with the government’s demands to, in certain circumstances, be able to access all of a user’s data. Is Apple doing its business out in public to try and show transparency? But wait, there’s more:On one hand… a transparently public vote.
The Brewing Battle For Digital Online Age Verification

Mar 11, 2025 | forrester.com | Merritt Maxim |Andrew Cornwall |Enza Iannopollo

The rapid shift to all-digital customer interactions during the COVID-19 pandemic drove considerable demand and innovation for high fidelity digital only identity verification (IDV) solutions that organizations could leverage to confirm an individual’s identity and eligibility for certain services.
Another Cautionary Tale On Perils Of Using Password Managers

Mar 5, 2025 | forrester.com | Andras Cser |Merritt Maxim |Allie Mellen

Last week, password wallet vendor LastPass experienced an outage. All LastPass systems and services have since been restored and are up and running. It is worth noting that this is not the first incident involving password wallet products. Past incidents include:Last week’s outage at LastPass highlighted ongoing concerns around password management technologies, namely:Dependence on a single vendor’s solution for being able to log into personal and enterprise platforms.
Quantum Security Isn’t Hype, Every Security Leader Needs It

Mar 3, 2025 | forrester.com | Merritt Maxim |Allie Mellen |Kim Herrington

The commercial availability of quantum computers that can compromise traditional asymmetric cryptography is still five to 10 years away. But security and risk (S&R) professionals must assess and prepare for the impact of quantum security now. While the encryption market has a history of vendors publishing incredible claims like “unbreakable encryption”, the hype and interest around quantum is real because hackers are already using the “harvest now, decrypt later” approach.
Go Beyond The MITRE ATT&CK Evaluation To The True Cost Of Alert Volumes

Feb 12, 2025 | forrester.com | Allie Mellen |Merritt Maxim |Erik Nost

MITRE released its latest Enterprise MITRE ATT&CK Evaluations in December of 2024. At that time, we published a blog with a quick overview of the results. Today, we’re excited to announce that we have released three new pieces of research about this round of evaluations:Analysis Of The 2024 MITRE Engenuity ATT&CK Evaluation — an overview of this round’s evaluations with an explanation of the changes in methodology and an interpretation of the results.