Jon Oltsik

Senior Principal Analyst

  • Blogs
    Mar 2, 2015

    Challenges with SSL/TLS Traffic Decryption and Security Inspection

    As I’ve mentioned in several recent blogs, enterprise organizations are encrypting more and more of their network traffic. A majority (87%) of organizations surveyed as part of a recent ESG research project say they encrypt at least 25% of their overall network traffic today.
  • Blogs
    Feb 26, 2015

    0% Cybersecurity Job Unemployment in Washington

    I’ve written a lot about the global cybersecurity skills shortage over the past few years. Here’s some recent ESG data that illustrates this problem...
  • Blogs
    Feb 25, 2015

    More on Network Encryption and Security

    In a blog I posted last week, I described that enterprise organizations are encrypting more of their network traffic. This is a mixed blessing in that it can protect data confidentiality and integrity but it also opens a camouflaged threat vector back into the organization. To address this risk, a majority (87%) of organizations decrypt and then inspect SSL/TLS traffic looking for things like reconnaissance activity, malware, and C2 communications according to ESG research.

  • research reports
    Feb 24, 2015

    2015 IT Spending Intentions Survey

    In order to assess IT spending priorities over the next 12-18 months, ESG recently surveyed 601 IT professionals representing midmarket (100 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America and Western Europe. All respondents were personally responsible for or familiar with their organizations’ 2014 IT spending as well as their 2015 IT budget and spending plans at either an entire organization level or at a business unit/division/branch level.

  • Blogs
    Feb 19, 2015

    Federal Cybersecurity Duplicity

    As part of a whistle-stop tour of Northern California, President Obama held a White House Summit on Cybersecurity and Consumer Protection at Stanford University last Friday. Much to the delight of the Silicon Valley crowd, the President signed an executive order (right there on stage at Stanford) to promote data sharing about digital threats. The summit also highlighted industry leaders like Apple CEO Tim Cook, and large critical infrastructure organizations like Bank of America and Pacific Gas & Electric Co.

  • Blogs
    Feb 18, 2015

    Enterprises Are Encrypting and Inspecting More Network Traffic

    Encrypted traffic has become increasingly ubiquitous at most organizations. According to new ESG research, a vast majority (87%) of organizations surveyed encrypt at least 25% of their overall network traffic today.  Network encryption is a security best practice as it protects the privacy and confidentiality of network traffic as it travels from source to destination. 

  • Blogs
    Feb 12, 2015

    Book Report: Countdown to Zero Day

    When you work in the cybersecurity domain you face some daunting challenges.  For one thing, cybersecurity is always changing – there are new offensive and defensive tactics, techniques, and procedures (TTPs) constantly that you try to keep up with.  Alternatively, cybersecurity is an extremely broad topic, spanning technology, regulations, law enforcement, geo-political conflict, critical infrastructure, etc. 

  • Blogs
    Feb 11, 2015

    Information Security Predictions for 2015

    I sat down with ESG Founder and Senior Analyst Steve Duplessie recently to talk about what my expectations are for the information security space in 2015.
  • Blogs
    Feb 9, 2015

    Antivirus Usage Patterns Reveal Hints about Its Effectiveness

    For the past few years, everyone seems to be down on antivirus software. This sentiment was exhibited in a recent ESG research report, The Endpoint Security Paradox. When asked to identify challenges associated with their antivirus software, 34% of security professionals complained about too many false positives that classify benign files/software as malware, while 33% said that products are not nearly as effective at blocking and/or detecting malware as they should be.

  • video
    Feb 6, 2015

    ESG 360: ESG 2015 Predictions - Information Security

    ESG Founder and Senior Analyst Steve Duplessie interviews Senior Analyst Jon Oltsik on his 2015 predictions for the Information Security segment.

  • Blogs
    Feb 6, 2015

    Factors Shaping Network Security at Enterprise Organizations

    As part of my job, I speak with lots of CISOs about their day-to-day activities, challenges, and responsibilities. Motivated by a few of these discussions last summer, I posted a blog called the CISO-centric Information Security Triad, which defined the three primary CISO priorities: security efficacy, operational efficiency, and business enablement.

  • Blogs
    Feb 4, 2015

    Endpoint Security Has Grown More Difficult and Tedious

    As I’ve written several times, endpoint security used to be synonymous with a single software product category--antivirus software. As a result, the endpoint security market was really dominated by five major vendors: Kaspersky, McAfee, Sophos, Symantec, and Trend Micro.

  • Blogs
    Jan 30, 2015

    Is it time for two CISOs at enterprise organizations?

    I was able to get out of snowy Boston this week to give a presentation on enterprise security to a Federal IT audience in Washington DC. As usual, I stated my opinion that enterprises are in the midst of a profound transformation with how they address cybersecurity risk. This change will require a new strategy around security technology and a new type of leadership from CISOs.

  • Blogs
    Jan 26, 2015

    Enterprise Organizations Replacing Commercial Antivirus with Freeware

    For the past 15 to 20 years, the vast majority of organizations install commercial antivirus software on just about every PC residing on their networks. This resulted in a multi-billion dollar industry dominated by five vendors: Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro. AV security efficacy has come into question over the past few years, however, as cyber-criminals and state-sponsored hackers regularly use customized malware and zero-day attacks to circumvent AV and compromise PCs.

  • Blogs
    Jan 22, 2015

    Grading the President’s SOTU Cybersecurity Agenda

    In the wake of the furor over the Sony Pictures attack, President Obama came out swinging in his State of the Union speech earlier this week.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 

Full Biography