Jon Oltsik

Senior Principal Analyst

  • Blogs
    Feb 9, 2015

    Antivirus Usage Patterns Reveal Hints about Its Effectiveness

    For the past few years, everyone seems to be down on antivirus software. This sentiment was exhibited in a recent ESG research report, The Endpoint Security Paradox. When asked to identify challenges associated with their antivirus software, 34% of security professionals complained about too many false positives that classify benign files/software as malware, while 33% said that products are not nearly as effective at blocking and/or detecting malware as they should be.

  • video
    Feb 6, 2015

    ESG 360: ESG 2015 Predictions - Information Security

    ESG Founder and Senior Analyst Steve Duplessie interviews Senior Analyst Jon Oltsik on his 2015 predictions for the Information Security segment.

  • Blogs
    Feb 6, 2015

    Factors Shaping Network Security at Enterprise Organizations

    As part of my job, I speak with lots of CISOs about their day-to-day activities, challenges, and responsibilities. Motivated by a few of these discussions last summer, I posted a blog called the CISO-centric Information Security Triad, which defined the three primary CISO priorities: security efficacy, operational efficiency, and business enablement.

  • Blogs
    Feb 4, 2015

    Endpoint Security Has Grown More Difficult and Tedious

    As I’ve written several times, endpoint security used to be synonymous with a single software product category--antivirus software. As a result, the endpoint security market was really dominated by five major vendors: Kaspersky, McAfee, Sophos, Symantec, and Trend Micro.

  • Blogs
    Jan 30, 2015

    Is it time for two CISOs at enterprise organizations?

    I was able to get out of snowy Boston this week to give a presentation on enterprise security to a Federal IT audience in Washington DC. As usual, I stated my opinion that enterprises are in the midst of a profound transformation with how they address cybersecurity risk. This change will require a new strategy around security technology and a new type of leadership from CISOs.

  • Blogs
    Jan 26, 2015

    Enterprise Organizations Replacing Commercial Antivirus with Freeware

    For the past 15 to 20 years, the vast majority of organizations install commercial antivirus software on just about every PC residing on their networks. This resulted in a multi-billion dollar industry dominated by five vendors: Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro. AV security efficacy has come into question over the past few years, however, as cyber-criminals and state-sponsored hackers regularly use customized malware and zero-day attacks to circumvent AV and compromise PCs.

  • Blogs
    Jan 22, 2015

    Grading the President’s SOTU Cybersecurity Agenda

    In the wake of the furor over the Sony Pictures attack, President Obama came out swinging in his State of the Union speech earlier this week.
  • Blogs
    Jan 20, 2015

    Information Security Tops the List of Business Initiatives Driving 2015 IT Spending

    Those of us in the cybersecurity community can name-drop dozens of data breaches from the last ten years, but the late 2013 breach at US retailer Target could be considered a game-changer. In addition to the $148 million price tag, the CEO and CIO were both ousted in the wake of the cyber-attack.

  • News
    Jan 20, 2015

    Cisco Security Poll: Companies Have False Confidence -

  • research reports
    Jan 12, 2015

    The Endpoint Security Paradox

    In order to accurately assess organizations’ endpoint security technologies, policies, and processes, ESG surveyed 340 IT and information security professionals representing large midmarket (500 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America. All respondents were responsible for evaluating, purchasing, and managing endpoint security technology products and services.

  • Blogs
    Jan 12, 2015

    Endpoint Security Activities Buzzing at Enterprise Organizations

    Endpoint security used to be a quasi “set-it-and-forget-it” category at many enterprise organizations. The IT operations team would provision PCs in an approved, secure configuration and then install AV software on each system. Of course there were periodic security updates (vulnerability scans, patches, signature updates, etc.), but the endpoint security foundation was set and dry by then.

  • Blogs
    Jan 8, 2015

    New Research Data Indicates that Cybersecurity Skills Shortage To Be a Big Problem in 2015

    Like all other industry analysts, I offered my prognostications for 2015 in my blog way back in 2014.  Prediction #1 on my list:  Widespread impact from the cybersecurity skills shortage.

  • Blogs
    Jan 5, 2015

    What Should the 114th Congress Do About Cybersecurity in 2015?

    It’s 2015 and the GOP-dominated 114th congress returns to Washington tomorrow. After years of maintaining a hands-off approach toward cybersecurity, the new Republican-led Congress is poised to jump all over this issue – mostly because of the December data breach at Sony Pictures and the subsequent brouhaha over the release of the now infamous movie, The Interview.
  • Blogs
    Dec 26, 2014

    Last Minute Cybersecurity Predictions for 2015

    By now, every vendor, analyst, and media outlet has already published their cybersecurity predictions for 2015. I actually described some of mine on a Co3 webinar with Bruce Schneier last week, so I thought I’d put together a quick list. Here are ten predictions in no particular order.
  • Blogs
    Dec 19, 2014

    Sony Baloney

    As an information security analyst, I’ve been following the cyber-attack details at Sony Pictures for some time now, just as I followed other events (i.e., Home Depot, JP Morgan Chase, Staples, UPS, etc.) earlier this year.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 

Full Biography