Jon Oltsik

Senior Principal Analyst

  • esg video capsules
    Apr 13, 2015

    ESG Video Capsule: The Endpoint Security Paradox

    In this ESG Video Capsule, ESG Senior Principal Analyst Jon Oltsik discusses ESG's recent research on endpoint security.

  • Blogs
    Apr 13, 2015

    Threat Intelligence Sharing Momentum and Needs

    Threat intelligence sharing is certainly riding a wave of momentum as we head into the RSA Conference next week. Over the past 6 months, we’ve seen things like lots of federal activity, further adoption of threat intelligence standards, and industry actions.

  • Blogs
    Apr 7, 2015

    Anticipating RSA 2015

    The annual security geek-fest known as the RSA Security Conference is just 2 weeks away. Alas, I remember when it was a cozy event that attracted a few thousand visitors and focused on esoteric security technologies like cryptography, deep packet inspection, and malware detection heuristics.

    As for 2015, I expect at least 25,000 attendees spanning keynote presentations, show floors, pervasive hospitality suites and a constant barrage of hokey themed cocktail parties.

  • Blogs
    Apr 2, 2015

    Could Software-defined Networking (SDN) Revolutionize Network Security?

    Network security grows more and more difficult all the time. According to recent ESG research on network security, 79% of security professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that network security is more difficult than it was two years ago. Why? Threats are getting more targeted, voluminous, and sophisticated while networks grow more complex with the addition of more users, devices, traffic, etc.

  • News
    Apr 1, 2015

    Taming the third-party threat: Application security - SC Magazine

  • Blogs
    Mar 31, 2015

    The Proportional Cybersecurity Law (aka Oltsik’s law)

    The combination of IT complexity, the growing attack surface, and a progressively more dangerous threat landscape is making cybersecurity more difficult. And it’s not one particular area of cybersecurity that’s becoming more difficult, it’s the whole kit and caboodle.

  • News
    Mar 30, 2015

    Advice to CSOs: Have a sense of humour - IT World Canada

  • Blogs
    Mar 26, 2015

    In Cybersecurity, the Network Doesn’t Lie

    In a recent ESG Research Report, enterprise security professionals were asked to identify the primary objectives associated with their organization’s network security strategy. It turns out that 40% of organizations plan to move toward continuous monitoring of all assets on the network while 30% of organizations plan to capture more network traffic for security analytics.

  • Blogs
    Mar 23, 2015

    Massive Enterprise Endpoint Security Opportunity

    In the past, large organizations spent most if not all of their endpoint security dollars on a single product—antivirus software. This decision created a multi-billion dollar market dominated by 5 vendors: Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro.

  • briefs
    Mar 19, 2015

    2015: Year of the Information Security Tipping Point?

    A majority of organizations plan to increase information security spending this year—especially in industries such as retail, transportation/logistics, manufacturing, and communications & media. These budget increases make sense as business and IT executives come to terms with the dangerous threat landscape and persistent wave of highly-publicized data breaches. Rather than a minor spending correction, ESG believes that these changes will last several years as organizations modernize their security defenses, improve infosec oversight and analytics, and adopt internal security controls and processes to accommodate cloud and mobile computing.  

  • Blogs
    Mar 19, 2015

    The Increasing Cybersecurity Attack Surface

    I just read a good Wall Street Journal blog by Ben DiPietro titled "Speed of Tech Change a Threat to Cybersecurity." His main point is that while organizations are adopting new technologies like cloud computing, mobile computing, and applications based upon the Internet of Things (IoT), they continue to address cybersecurity risks, controls, and oversight with legacy tools and processes. This creates a mismatch where cyber-adversaries have a distinct offensive advantage over a potpourri of assorted legacy enterprise security defenses.

  • briefs
    Mar 17, 2015

    Usage of Endpoint Security Services Is Growing: What Are the Ramifications of this Trend?

    Endpoint security has grown more difficult, driven by new types of multi-dimensional threats. This changes everything—CISOs are being forced to implement additional endpoint security controls, collect endpoint forensic data, integrate endpoint and network security defenses, and dig deeper into endpoint security analytics. Given this transition, many organizations no longer have ample resources or the right skills for endpoint security, prompting CISOs to offload some or all endpoint security tasks to service providers. ESG research illustrates growing demand for endpoint security services and discusses the implications for enterprise organizations, endpoint technology vendors, and service providers. 

  • lab reports
    Mar 17, 2015

    ESG Lab Review: Performance and Scalability with the Juniper SRX5400

    This ESG Lab review documents hands-on testing of the Juniper SRX5400 with a focus on the performance and scalability benefits of the next-generation I/O card (IOC-II) with the new Express Path capability.

  • Blogs
    Mar 16, 2015

    Information Security: The Most Important IT Initiative in 2015

    At an elementary level, IT is all about using technology to enable the business. This really hasn’t changed, even back in the early days when IT was called data processing or management information systems. In today’s IT world, business enablement is driving a few meta-trends. Cheap hardware and open source software are driving big data analytics to the mainstream. Organizations are abandoning the costs and constraints of on-site IT systems as they move applications and systems to the cloud. Mobile devices are becoming the primary compute platform for users, automating business processes and changing application development.

  • Blogs
    Mar 12, 2015

    Will Public/Private Threat Intelligence Sharing Work?

    In January, Representative Charles Albert “Dutch” Ruppersberger (D-MD) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA) as H.R. 234 into the 114th Congress. The bill was first introduced by Mike Rogers (R-MI) in 2011.


Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 
