Jon Oltsik

Senior Principal Analyst

  • video
    Jul 15, 2015

    ESG Welcomes Doug Cahill

    Senior Principal Analyst Jon Oltsik welcomes Senior Analyst Doug Cahill to ESG's Cybersecurity segment.

  • Blogs
    Jul 14, 2015

    Cybersecurity Lessons from W. Edwards Deming

    In 2014, ESG published a research report on network security. Cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked to identify some of their biggest network security challenges.

  • Blogs
    Jul 9, 2015

    Enterprise Objectives for Threat Intelligence Programs

    It wouldn’t be a stretch to call 2015 the year of threat intelligence. In February, President Obama signed an executive order at a cybersecurity event held at Stanford University that encourages and promotes threat intelligence sharing between the private sector and federal government. Meanwhile, the US Congress has introduced several threat sharing bills of their own. And at the annual RSA Security Conference in April, threat intelligence was clearly one of the primary topics of discussion among cybersecurity professionals, technology vendors, and government representatives.

  • briefs
    Jul 7, 2015

    Tanium Helping Enterprises Regain Control of Endpoints

    Endpoint security is getting more difficult as organizations struggle to manage, secure, and inventory their devices. IT security professionals are expected to support bring-your-own-device (BYOD) and mobility initiatives, but the realities of implementing those initiatives at scale can be overwhelmingly complex. Organizations seeking to improve their operational efficiency when it comes to endpoint management and security may want to investigate Tanium, a security vendor that can help organizations manage and secure endpoints in a variety of ways.

  • Blogs
    Jul 7, 2015

    Beware Cybersecurity Charlatanism

    Cybersecurity headlines have a new angle lately. Aside from discussions about the OPM breach and Chinese cyber-espionage, there are also lots of stories about 52-week high stock prices of cybersecurity darlings like CyberArk, FireEye, Palo Alto Networks, and Splunk. I’ve also read reports about imminent IPOs and investment firms that created several new cybersecurity ETFs.

  • briefs
    Jul 6, 2015

    FireEye Broadening Endpoint Security Platform to Include Threat Protection

    FireEye recently unveiled an expanded endpoint threat protection platform that includes the prevention of endpoint attacks. FireEye has ridden a tremendous amount of momentum in security investigation, endpoint forensics, and professional services, yet endpoint protection has not been considered a foundational strength. This offering should change that perception by positioning FireEye as a more holistic endpoint security provider for organizations—before, during, and after a cyber-attack.

  • Blogs
    Jul 1, 2015

    Enterprise Threat Intelligence Programs Are Immature

    It seems like everyone is talking about threat intelligence these days: the feds are promoting public/private threat intelligence sharing across the executive and legislative branches, and the industry is buzzing about threat intelligence feeds, sharing platforms, and advanced analytics.

  • News
    Jun 30, 2015

    Spikes Debuts Isolation Tech for Browser-borne Malware - Infosecurity Magazine

  • research reports
    Jun 25, 2015

    Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices

    In order to assess how enterprise organizations are collecting, processing, analyzing, and operationalizing their threat intelligence programs, ESG surveyed 304 IT and information security professionals representing enterprise-class (1,000 employees or more) organizations in North America. All respondents were involved in the planning, implementation, and/or daily operations of their organization’s threat intelligence program, processes, or technologies.

  • Blogs
    Jun 25, 2015

    Enterprises Need Advanced Incident Prevention

    Given the booming state of the cybersecurity market, industry rhetoric is at an all-time high. One of the more nonsensical infosec banalities goes something like this: Cybersecurity has always been anchored by incident prevention technologies like AV software, firewalls, and IDS/IPS systems, but sophisticated cyber-adversaries have become extremely adept at circumventing status quo security controls. Therefore, organizations should give up on prevention and focus all their attention on incident detection and response.

  • briefs
    Jun 22, 2015

    Group-based Policy

    The Group-based Policy (GBP) project is an evolving open source project that is beginning to influence commercial products. Inspired by concepts from Cisco’s Application Centric Infrastructure, the project was designed for OpenStack and OpenDaylight to provide infrastructure policy and has emerged as a platform that can become a foundation for commercial products for policy-based networking, as well as other areas, such as service chaining. GBP’s generalized approach shows that it is not tied to any particular vendor and stands alone as an independent project with industry influence. GBP needs to continue accepting contributions from a variety of vendors and extending its reach.

  • Blogs
    Jun 22, 2015

    Malware? Cyber-crime? Call the ICOPs!

    To fully understand the state of cybersecurity at enterprise organizations, it’s worthwhile to review a bit of history. In the early days of Internet connectivity, information security was viewed as a necessary evil, so enterprise security budgets tended to be pretty stingy. CEOs didn’t want good security, they wanted “good enough” security, so they were only willing to provide minimal funding.

  • Blogs
    Jun 18, 2015

    Endpoint Security Technology Nirvana

    For years, endpoint security was defined by antivirus software and a few leading vendors like Kaspersky Lab, McAfee (Intel Security), Sophos, Symantec, and Trend Micro. This perception has changed over the past few years. CISOs are now demanding endpoint profiling, advanced threat detection, and forensic capabilities, opening the door for other vendors like Bit9/Carbon Black, Cisco, Confer, FireEye, ForeScout, Great Bay Software, Guidance Software, Invincea, Palo Alto, RSA, SentinelOne, Tanium, etc.

  • video
    Jun 17, 2015

    ESG On Location Video: Insights from Cisco Live 2015

    In this ESG On Location Video, ESG's Dan Conde, Jon Oltsik, and Brian Garrett report from Cisco Live 2015 in San Diego CA.

  • Blogs
    Jun 16, 2015

    Cybersecurity Industry Blame Game at RSA Conference

    I’ve been meaning to write this blog since returning from San Francisco in April and I’ve finally gotten around to it. With the dangerous threat landscape and seemingly endless string of data breaches, there was quite a bit of industry bashing at this year’s RSA conference. Discussions featured numerous sound bites accusing the cybersecurity industry of "being stuck in the dark ages," and claiming that the industry "has failed its customers." Pretty strong stuff.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.

Full Biography