Jon Oltsik

Senior Principal Analyst

  • Blogs
    Jan 22, 2015

    Grading the President’s SOTU Cybersecurity Agenda

    In the wake of the furor over the Sony Pictures attack, President Obama came out swinging in his State of the Union speech earlier this week.
  • Blogs
    Jan 20, 2015

    Information Security Tops the List of Business Initiatives Driving 2015 IT Spending

    Those of us in the cybersecurity community can name-drop dozens of data breaches from the last ten years, but the late 2013 breach at US retailer Target could be considered a game-changer. In addition to the $148 million price tag, the CEO and CIO were both ousted in the wake of the cyber-attack.

  • News
    Jan 20, 2015

    Cisco Security Poll: Companies Have False Confidence -

  • research reports
    Jan 12, 2015

    The Endpoint Security Paradox

    In order to accurately assess organizations’ endpoint security technologies, policies, and processes, ESG surveyed 340 IT and information security professionals representing large midmarket (500 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America. All respondents were responsible for evaluating, purchasing, and managing endpoint security technology products and services.

  • Blogs
    Jan 12, 2015

    Endpoint Security Activities Buzzing at Enterprise Organizations

    Endpoint security used to be a quasi “set-it-and-forget-it” category at many enterprise organizations. The IT operations team would provision PCs in an approved, secure configuration and then install AV software on each system. Of course there were periodic security updates (vulnerability scans, patches, signature updates, etc.), but the endpoint security foundation was set and dry by then.

  • Blogs
    Jan 8, 2015

    New Research Data Indicates that Cybersecurity Skills Shortage To Be a Big Problem in 2015

    Like all other industry analysts, I offered my prognostications for 2015 in my blog way back in 2014.  Prediction #1 on my list:  Widespread impact from the cybersecurity skills shortage.

  • Blogs
    Jan 5, 2015

    What Should the 114th Congress Do About Cybersecurity in 2015?

    It’s 2015 and the GOP-dominated 114th congress returns to Washington tomorrow. After years of maintaining a hands-off approach toward cybersecurity, the new Republican-led Congress is poised to jump all over this issue – mostly because of the December data breach at Sony Pictures and the subsequent brouhaha over the release of the now infamous movie, The Interview.
  • Blogs
    Dec 26, 2014

    Last Minute Cybersecurity Predictions for 2015

    By now, every vendor, analyst, and media outlet has already published their cybersecurity predictions for 2015. I actually described some of mine on a Co3 webinar with Bruce Schneier last week, so I thought I’d put together a quick list. Here are ten predictions in no particular order.
  • Blogs
    Dec 19, 2014

    Sony Baloney

    As an information security analyst, I’ve been following the cyber-attack details at Sony Pictures for some time now, just as I followed other events (i.e., Home Depot, JP Morgan Chase, Staples, UPS, etc.) earlier this year.
  • Blogs
    Dec 16, 2014

    NAC Renaissance

    Remember NAC? Cisco first introduced the concept of Network Admission Control back around 2004. Back then, NAC’s primary role was checking the security status of PCs before granting them access to the network. This type of functionality was really in response to a wave of Internet worms in the early 2000s that were infecting and clogging up corporate networks.
  • Blogs
    Dec 11, 2014

    Cisco Acquires Neohapsis: A Sign of the Times

    Yesterday, Cisco Systems announced the acquisition of Neohapsis, a Chicago-based security consulting and services firm. Now Cisco’s forte is in moving bits from source to destination and inspecting packets to enforce security rules and policies. So why is an equipment manufacturer buying a cybersecurity body shop? Several reasons:
  • Blogs
    Dec 9, 2014

    Cybersecurity Skills Shortage Panic in 2015?

    As part of its annual IT spending intentions research, ESG asks IT professionals around the world to identify areas where they have a problematic shortage of IT skills. Over the past three years, information security skills topped this list. In 2014, 25% of all surveyed organizations said they had a problematic shortage of infosec skills.

  • Blogs
    Dec 5, 2014

    CISOs Should Be Proactive and Influential in SDN Strategy

    In 2014, SDN gained a lot of momentum and many organizations are already piloting SDN or planning deployment projects for next year. Good news for network security because SDN holds a lot of promise for improving the role of the network with incident prevention, detection, and response.

  • Blogs
    Dec 3, 2014

    Cybersecurity Recommendation: Don’t Poke the Bear

    The website, Urban Dictionary, defines the expression “don’t poke the bear” as follows:

    A phrase of warning used to prevent oneself or others from asking or doing something that might provoke a negative response from someone or something else.

  • Blogs
    Nov 25, 2014

    Software-defined Networking Followed by SDN Security

    Earlier this year, ESG published a research report titled, Network Security Trends In the Era of Cloud and Mobile Computing. As part of this report, ESG surveyed 321 security professionals working at enterprise organizations (i.e., more than 1,000 employees) about their networking and network security strategies.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 

Full Biography