Jon Oltsik

Senior Principal Analyst

  • Blogs
    Dec 16, 2014

    NAC Renaissance

    Remember NAC? Cisco first introduced the concept of Network Admission Control back around 2004. Back then, NAC’s primary role was checking the security status of PCs before granting them access to the network. This type of functionality was really in response to a wave of Internet worms in the early 2000s that were infecting and clogging up corporate networks.
  • Blogs
    Dec 11, 2014

    Cisco Acquires Neohapsis: A Sign of the Times

    Yesterday, Cisco Systems announced the acquisition of Neohapsis, a Chicago-based security consulting and services firm. Now Cisco’s forte is in moving bits from source to destination and inspecting packets to enforce security rules and policies. So why is an equipment manufacturer buying a cybersecurity body shop? Several reasons:
  • Blogs
    Dec 9, 2014

    Cybersecurity Skills Shortage Panic in 2015?

    As part of its annual IT spending intentions research, ESG asks IT professionals around the world to identify areas where they have a problematic shortage of IT skills. Over the past three years, information security skills topped this list. In 2014, 25% of all surveyed organizations said they had a problematic shortage of infosec skills.

  • Blogs
    Dec 5, 2014

    CISOs Should Be Proactive and Influential in SDN Strategy

    In 2014, SDN gained a lot of momentum and many organizations are already piloting SDN or planning deployment projects for next year. Good news for network security because SDN holds a lot of promise for improving the role of the network with incident prevention, detection, and response.

  • Blogs
    Dec 3, 2014

    Cybersecurity Recommendation: Don’t Poke the Bear

    The website, Urban Dictionary, defines the expression “don’t poke the bear” as follows:

    A phrase of warning used to prevent oneself or others from asking or doing something that might provoke a negative response from someone or something else.

  • Blogs
    Nov 25, 2014

    Software-defined Networking Followed by SDN Security

    Earlier this year, ESG published a research report titled, Network Security Trends In the Era of Cloud and Mobile Computing. As part of this report, ESG surveyed 321 security professionals working at enterprise organizations (i.e., more than 1,000 employees) about their networking and network security strategies.

  • Blogs
    Nov 20, 2014

    Confusion Persists around Cyber Threat Intelligence for Enterprises

    Over the last few months, I’ve talked to a number of CISOs and security analytics professionals about threat intelligence as I’m about to dig into this topic with some primary research.

    One of the things I’ve learned is that large enterprises are consuming lots of open source and commercial threat intelligence feeds. In some cases, these feeds are discrete services from vendors like iSight Partners, Norse, or Vorstack. Alternatively, they also purchase threat intelligence along with products from security vendors like Blue Coat, Check Point, Cisco, FireEye, Fortinet, IBM, McAfee, Palo Alto Networks, Symantec, Trend Micro, Webroot, and a cast of a thousand others.

  • Blogs
    Nov 17, 2014

    Time to Address Basic Organizational Issues that Impact IT Security

    In the past, cybersecurity was thought of as an IT problem where CISOs were given meager budgets and told to handle IT security with basic technical safeguards and a small staff of security administrators. Fast forward to 2014 and things have certainly changed now that business mucky-mucks read about data breaches in the Wall Street Journal on a daily basis.

  • News
    Nov 12, 2014

    Security Readers' Choice Awards 2014: Cloud security products - TechTarget

  • Blogs
    Nov 11, 2014

    Book Report: Tubes: A Journey to the Center of the Internet

    Okay, I admit that I’m a geek and have read numerous books on the history of IT and the Internet. Katie Hafner’s Where Wizards Stay up Late, The Origins of the Internet is a particular favorite of mine.

  • Blogs
    Nov 7, 2014

    Trend Micro for Enterprise Security

    Ask a security professional in North America to describe Trend Micro and you will likely hear about antivirus software and a grouping of vendors that also includes McAfee and Symantec. Funny, but you’d get a completely different answer if you asked the same question in Brazil, Germany, or Japan. In these geographies, you’d hear about a billion dollar-plus enterprise-class security leader with a full portfolio of products, partnerships, and managed services.

  • News
    Nov 6, 2014

    Cybersecurity's All-Seeing Eye? - Bloomberg Businessweek Technology

  • Blogs
    Nov 5, 2014

    Intel Security Opportunities and Challenges

    With the glitz of Las Vegas as a background, Intel Security (aka McAfee) held its annual FOCUS event last week attracting analysts, customers, and the press alike.

  • News
    Nov 5, 2014

    IBM launches new cloud security practice - USA Today

  • briefs
    Nov 4, 2014

    RSA ECAT 4.0 for Endpoint Forensics and Enterprise Security Analytics

    In September 2014, RSA announced the release of RSA ECAT 4.0, an endpoint security analytics solution aimed at improving organizations’ ability to detect, prioritize, investigate, and remediate threats. In a move toward integration, ECAT rounds out RSA’s product line alongside its web threat detection, GRC, and IAM solutions for data protection, security analytics, and now endpoint security as well. This approach to endpoint security widens RSA’s footprint in the enterprise security market, providing customers with end-to-end integration between their networks and endpoints.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 

Full Biography