Jon Oltsik

Senior Principal Analyst

  • briefs
    Sep 7, 2012

    Enterprise Data Masking and Informatica

    Data masking enables organizations to share data structures between end-users, software developers, and third-party organizations, while maintaining confidentiality of the information itself. In the past, data masking was often implemented in an ad-hoc manner, resulting in different data-masking methods used by individual departments or a sub-set of databases. With recent improvements to data-masking tools, organizations should pull together their masking projects and standardize on a single data-masking solution as part of their data management initiative. Informatica, one of the leaders in this space, offers a comprehensive suite of data-masking products that meet these enterprise requirements.

  • Blogs
    Sep 7, 2012

    Where Does Mitt Romney Stand on Cybersecurity?

    Intelligence sharing?  Criticism?  More study?  Who knows.

  • Blogs
    Sep 5, 2012

    The Security Skills Shortage Impact on Security Services

    Information security services are booming right now but the skills shortage could soon disrupt the party. 

  • Blogs
    Aug 30, 2012

    The Security Skills Shortage Is Worse Than You Think

    I’ve written a lot about the security skills shortage but it is worth reviewing a bit of data here for context.  According to ESG Research, 55% of enterprise organizations (i.e., those with more than 1,000 employees) plan to hire additional security professionals in 2012 but they are extremely hard to find.  In fact, 83% of enterprises claim that it is “extremely difficult” or “somewhat difficult” to recruit and/or hire security professionals in the current market.

  • Blogs
    Aug 27, 2012

    Software-defined Security?

    Get ready for a new acronym at VMworld, Software-defined Security (SDS).  Lots of vendors will be selling SDS but I'm not buying it. 

  • research briefs
    Aug 24, 2012

    Online File Sharing and Collaboration: Security Challenges and Requirements

    Security is the primary concern for organizations contemplating online file sharing and collaboration, and their concerns are proving to be well-founded. According to ESG research, organizations that have already adopted online file sharing say that security challenges continue to plague their deployments. The research also reveals the security controls that are important (and not so important) to organizations evaluating online file sharing providers, and highlights the biggest worries IT professionals have about online file sharing.

  • research briefs
    Aug 24, 2012

    Cloud Computing and Server Virtualization Security Confounds CISOs

    Large organizations are virtualizing infrastructure and adopting cloud computing in order to improve efficiencies, lower costs, and accelerate IT responsiveness. These are tremendous business benefits, but ESG Research indicates that these new technology initiatives present numerous security challenges that can increase IT risk or even slow down forward-looking IT projects.

  • Blogs
    Aug 22, 2012

    Information Security: A Sobering Topic at VMworld

    Lack of information security skills, best practices, and appropriate technical controls continue to dog server virtualization and cloud computing initiatives.

  • Blogs
    Aug 17, 2012

    Biggest Information Security Management Challenges for Enterprise Organizations

    Budget constraints top the list of information security management challenges but there is an assortment of other issues.

  • Blogs
    Aug 15, 2012

    Politics 1 Cybersecurity 0

    Earlier this month, senate republicans blocked the latest version of the Lieberman/Collins cybersecurity bill.  Good for politics, bad for national security. 

  • Blogs
    Aug 14, 2012

    What's Driving Enterprise Security Strategy?

    New ESG Research finds that CISOs use a combination of traditional drivers and new requirements to shape their information security strategy. 

  • Blogs
    Aug 8, 2012

    Beyond Basic Mobile Management

    Everyone's talking BYOD and MDM but hardly anyone is considering mobile application development's growing impact.  This has to change. 

  • research briefs
    Aug 3, 2012

    Best Practices for Secure Software Development

    As part of the software development process, information security professionals must make choices about where to invest their budget and staff resources to ensure that homegrown applications are as secure as possible. ESG research found organizations that are considered security “leaders” tend to make different choices than other firms. For example, leaders rely on integrated development and testing suites, scan their applications from multiple perspectives to uncover vulnerabilities, and invest in training developers in security concepts and tools. This research brief details these best practices for all organizations that would like to produce more secure applications.

  • Blogs
    Jul 31, 2012

    New Requirements for Security Monitoring

    When it comes to information security monitoring, ESG Research indicates that enterprises have pressing needs for integration, intelligence, automation, and big data capabilities.

  • Blogs
    Jul 30, 2012

    Advanced Malware Protection: Network or Host?

    Frightened by the prospects of APTs, botnets, and Trojans, large organizations are investing in new advanced malware detection/prevention technologies to fortify defense-in-depth.  Should these new security technologies be applied to the network or to host systems?  Both.   

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s information security service. With over 25 years of technology industry experience, Jon is widely recognized as an expert in all aspects of information security and is often called upon to help customers understand a CISO's perspective and strategies. Recently, Jon has been an active participant with cybersecurity issues, legislation, and technology within the U.S. federal government.

Full Biography


Enter your email address, and click subscribe