Jon Oltsik

Senior Principal Analyst

  • Blogs
    Sep 18, 2015

    Cyber Supply Chain Security Is Increasingly Difficult for Critical Infrastructure Organizations

    As the old cybersecurity adage states, "The cybersecurity chain is only as strong as its weakest link." Smart CISOs also understand that the proverbial weak link may actually be out of their control.

  • briefs
    Sep 17, 2015

    Webroot’s Intelligent Approach to Endpoint Security

    The endpoint often plays a central role in the cyber kill chain, serving as the entry point and staging ground for a broader attack, a dynamic that has raised the stakes in protecting the endpoint attack surface area. Today’s endpoint security market is in transition, with customers seeking solutions that protect against zero day malware and exploits while evaluating whether “next-generation” solutions augment or replace traditional antivirus. Webroot SecureAnywhere Business Endpoint Protection strives to bridge the gap with a smart approach to detect, prevent, and remediate malware on endpoints.

  • Blogs
    Sep 15, 2015

    The Network’s Role as a Security Sensor and Policy Enforcer

    According to ESG research, 79% of cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees) believe that network security management and operations is more difficult today than it was two years ago. Why? Infosec pros point to a combination of increasingly dangerous cyber-threats, new IT initiatives like cloud and mobile computing, legacy point tools, and growing security operations overhead.

  • research reports
    Sep 14, 2015

    Cyber Supply Chain Security Revisited

    In order to explore cyber supply chain security practices and challenges further, ESG surveyed 303 IT and information security professionals representing large midmarket (500 to 999 employees) organizations and enterprise-class (1,000 employees or more) organizations in the United States within vertical industries designated as critical infrastructure by the U.S. Department of Homeland Security (DHS). All respondents were familiar with/responsible for their organization’s information security policies and procedures, especially with respect to the procurement of IT products and services. Respondents also had to be familiar with cyber supply chain security as defined previously. 

  • Blogs
    Sep 11, 2015

    Challenges around Operationalizing Threat Intelligence

    When it comes to threat intelligence, there seem to be two primary focus areas in play: The threat intelligence data itself and the legislative rhetoric around threat intelligence sharing (i.e., CISA, CISPA, etc.). What’s missing? The answer to a basic question: How do organizations get actual value out of threat intelligence data and threat intelligence sharing in a meaningful way?

  • esg video capsules
    Sep 9, 2015

    ESG Video Capsule: Threat Intelligence and Enterprise Cybersecurity Practices, Part 3 - The Future of Threat Intelligence

    In this ESG Video Capsule series, ESG Senior Principal Analyst Jon Oltsik reviews recent ESG research on Threat Intelligence trends. In this segment, Jon discusses the future of threat intelligence.

  • Blogs
    Sep 8, 2015

    My Assessment of VMware NSX

    At last week’s VMworld event in San Francisco, I spent a good deal of time speaking with VMware, its customers, and a wide variety of its partners about the cybersecurity use case for NSX

  • Blogs
    Sep 2, 2015

    The RMS Titanic and Cybersecurity

    Little known fact: Yesterday was the 30th anniversary of Bob Ballard’s discovery of the RMS Titanic, several hundred miles off the coast of Newfoundland Canada. I’ve recently done some research into the ship, its builders, and its ultimate fate and believe that lessons learned from Titanic may be useful for the cybersecurity community at large.

  • esg video capsules
    Aug 31, 2015

    Threat Intelligence and Enterprise Cybersecurity Practices - Part 2 - Organizational Challenges

    In this Video Capsule series, ESG Senior Principal Analyst Jon Oltsik reviews recent ESG Research on Threat Intelligence trends.  In this segment, Jon discusses Organizational Challenges.

  • Blogs
    Aug 27, 2015

    Anticipating VMworld

    It’s the end of the summer of 2015—the nights are getting cooler, the leaves are starting to change colors, and flocks of students are abandoning the beaches of Cape Cod bound for college campuses. The seasonal change also signals another annual ritual: VMworld in San Francisco.

  • esg video capsules
    Aug 25, 2015

    ESG Video Capsule: Threat Intelligence and Enterprise Cybersecurity Practices, Part 1 - Organizational Objectives

    In this ESG Video Capsule series, ESG Senior Principal Analyst Jon Oltsik reviews recent ESG Research on Threat Intelligence trends. In this segment, Jon discusses organizational objectives.

  • Blogs
    Aug 24, 2015

    Facebook’s Threat Intelligence Sharing Potential

    Enterprise organizations are actively consuming external threat intelligence, purchasing additional threat intelligence feeds, and sharing internally-derived threat intelligence with small circles of trusted third-parties. Based upon these trends, it certainly seems like the threat intelligence market is well-established but in this case, appearances are far from reality.
  • News
    Aug 24, 2015

    4 reasons cybersecurity now requires an analytics-driven strategy - TechRepublic

  • Blogs
    Aug 19, 2015

    Incident Response: More Art than Science

    Five to ten years ago, the cybersecurity industry was mainly focused on incident prevention with tools like endpoint antivirus software, firewalls, IDS/IPS and web threat gateways. This perspective changed around 2010, driven by the Google Aurora and the subsequent obsession on advanced persistent threats (APTs).

  • Blogs
    Aug 17, 2015

    Video Recap of Black Hat 2015

    I recently attended the Black Hat 2015 conference in Las Vegas, along with ESG Senior Analyst Doug Cahill and Research Analyst Kyle Prigmore. This video summarizes our impressions of the event.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 

Full Biography