Jon Oltsik

Senior Principal Analyst

  • briefs
    Mar 17, 2015

    Usage of Endpoint Security Services Is Growing: What Are the Ramifications of this Trend?

    Endpoint security has grown more difficult, driven by new types of multi-dimensional threats. This changes everything—CISOs are being forced to implement additional endpoint security controls, collect endpoint forensic data, integrate endpoint and network security defenses, and dig deeper into endpoint security analytics. Given this transition, many organizations no longer have ample resources or the right skills for endpoint security, prompting CISOs to offload some or all endpoint security tasks to service providers. ESG research illustrates growing demand for endpoint security services and discusses the implications for enterprise organizations, endpoint technology vendors, and service providers. 

  • lab reports
    Mar 17, 2015

    ESG Lab Review: Performance and Scalability with the Juniper SRX5400

    This ESG Lab review documents hands-on testing of the Juniper SRX5400 with a focus on the performance and scalability benefits of the next-generation I/O card (IOC-II) with the new Express Path capability.

  • Blogs
    Mar 16, 2015

    Information Security: The Most Important IT Initiative in 2015

    At an elementary level, IT is all about using technology to enable the business. This really hasn’t changed, even back in the early days when IT was called data processing or management information systems. In today’s IT world, business enablement is driving a few meta-trends. Cheap hardware and open source software are driving big data analytics to the mainstream. Organizations are abandoning the costs and constraints of on-site IT systems as they move applications and systems to the cloud. Mobile devices are becoming the primary compute platform for users, automating business processes and changing application development.
  • Blogs
    Mar 12, 2015

    Will Public/Private Threat Intelligence Sharing Work?

    In January, Representative Charles Albert “Dutch” Ruppersberger (D-MD) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA) as H.R. 234 into the 114th Congress. The bill was first introduced by Mike Rogers (R-MI) in 2011.
  • Blogs
    Mar 9, 2015

    Book Report: @War: The Rise of the Military-Internet Complex

    I’ve read a fair amount of cybersecurity books across a wide spectrum of topics—early hackers, cyber-crime, hacktivists, nation state activity, etc. A few years ago, new books were few and far between, but this is no longer the case. I recently posted a blog/book report on Kim Zetter’s fantastic book, Countdown to Zero Day. Allow me to recommend another good one, @War: The Rise of the Military-Internet Complex, by Shane Harris.

  • Blogs
    Mar 5, 2015

    Endpoint Security Meets the Cybersecurity Skills Shortage

    Just about every cyber-attack follows a similar pattern: An end-user is fooled into clicking on a malicious link, downloading malware, or opening an infected file. This is one of the early stages of the famous Lockheed Martin “kill chain.”

  • News
    Mar 4, 2015

    Freeware Security Solutions Gain Traction Among Organizations - Midsize Insider

  • Blogs
    Mar 2, 2015

    Challenges with SSL/TLS Traffic Decryption and Security Inspection

    As I’ve mentioned in several recent blogs, enterprise organizations are encrypting more and more of their network traffic. A majority (87%) of organizations surveyed as part of a recent ESG research project say they encrypt at least 25% of their overall network traffic today.
  • Blogs
    Feb 26, 2015

    0% Cybersecurity Job Unemployment in Washington

    I’ve written a lot about the global cybersecurity skills shortage over the past few years. Here’s some recent ESG data that illustrates this problem...
  • Blogs
    Feb 25, 2015

    More on Network Encryption and Security

    In a blog I posted last week, I described that enterprise organizations are encrypting more of their network traffic. This is a mixed blessing in that it can protect data confidentiality and integrity but it also opens a camouflaged threat vector back into the organization. To address this risk, a majority (87%) of organizations decrypt and then inspect SSL/TLS traffic looking for things like reconnaissance activity, malware, and C2 communications according to ESG research.

  • research reports
    Feb 24, 2015

    2015 IT Spending Intentions Survey

    In order to assess IT spending priorities over the next 12-18 months, ESG recently surveyed 601 IT professionals representing midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America and Western Europe. All respondents were personally responsible for or familiar with their organizations’ 2014 IT spending as well as their 2015 IT budget and spending plans at either an entire organization level or at a business unit/division/branch level.

  • Blogs
    Feb 19, 2015

    Federal Cybersecurity Duplicity

    As part of a whistle-stop tour of Northern California, President Obama held a White House Summit on Cybersecurity and Consumer Protection at Stanford University last Friday. Much to the delight of the Silicon Valley crowd, the President signed an executive order (right there on stage at Stanford) to promote data sharing about digital threats. The summit also highlighted industry leaders like Apple CEO Tim Cook, and large critical infrastructure organizations like Bank of America and Pacific Gas & Electric Co.

  • Blogs
    Feb 18, 2015

    Enterprises Are Encrypting and Inspecting More Network Traffic

    Encrypted traffic has become increasingly ubiquitous at most organizations. According to new ESG research, a vast majority (87%) of organizations surveyed encrypt at least 25% of their overall network traffic today.  Network encryption is a security best practice as it protects the privacy and confidentiality of network traffic as it travels from source to destination. 

  • Blogs
    Feb 12, 2015

    Book Report: Countdown to Zero Day

    When you work in the cybersecurity domain you face some daunting challenges.  For one thing, cybersecurity is always changing – there are new offensive and defensive tactics, techniques, and procedures (TTPs) constantly that you try to keep up with.  Alternatively, cybersecurity is an extremely broad topic, spanning technology, regulations, law enforcement, geo-political conflict, critical infrastructure, etc. 

  • Blogs
    Feb 11, 2015

    Information Security Predictions for 2015

    I sat down with ESG Founder and Senior Analyst Steve Duplessie recently to talk about what my expectations are for the information security space in 2015.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 

Full Biography