Jon Oltsik

Senior Principal Analyst

  • Blogs
    Aug 13, 2015

    Enterprises Are Analyzing Lots of Internal Cybersecurity Data

    The cybersecurity industry has been talking about the intersection of big data and cybersecurity analytics for years, but is this actually a reality or nothing more than marketing hype? The recently published ESG research report titled, Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices, only reinforces my belief that big data security is tangible today, and enterprises will only double down in the future.

  • Blogs
    Aug 11, 2015

    Black Hat Boogie

    I spent all of last week in Las Vegas at Black Hat 2015. I used to pass on Black Hat, but no longer – it is a great opportunity for getting into the cybersecurity weeds with the right people who can talk about evasion techniques, malware, threat actors, and vulnerabilities. Alternatively, RSA Security conference conversations tend to center on things like IPOs, market trends, and PowerPoint presentations.

  • News
    Aug 11, 2015

    Google is moving towards the hosted desktop – but they can go one step further - Cloud Tech

  • Blogs
    Aug 3, 2015

    Cloud Security Challenges for Enterprise Organizations (Video)

    IT organizations are dealing with security issues and an increased use of cloud computing. This leads to a perfect storm of problems. In this ESG Blog Video, I discuss an upcoming ESG research project on these cloud security challenges for enterprise organizations. We will be looking to answer a lot of your questions and remove much of the confusion in the market.

  • Blogs
    Jul 30, 2015

    Black Hat Is About Cybersecurity People and Processes

    Over the past few years, the RSA Security Conference has become a marquee technology industry event. It has really outgrown its humble roots in cryptography and Layer 3 and 4 packet filtering – now RSA is where technology industry bigwigs meet, drink exquisite Napa Valley wine, get a broad perspective of the cybersecurity industry, and do deals.

  • Blogs
    Jul 28, 2015

    Cybersecurity Technology Integration Changes Everything

    I have been writing about cybersecurity technology integration a lot lately. For example, here’s a blog I posted in May of this year about the cybersecurity technology integration trends I see in the market.

  • Blogs
    Jul 24, 2015

    Cybersecurity Canon and The Florentine Deception

    I first met cybersecurity veteran, Rick Howard, when he joined Palo Alto Networks as Chief Security Officer. During our discussion, Rick mentioned an idea he was promoting for a cybersecurity canon: A list of must-read books for all cybersecurity practitioners -- be they from industry, government, or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and that, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.

  • Blogs
    Jul 22, 2015

    Measuring the Quality of Commercial Threat Intelligence

    In my most recent blog, I described how a recently published ESG research report on threat intelligence revealed a number of issues around commercial threat intelligence quality.

  • Blogs
    Jul 17, 2015

    Are There Qualitative Differences Between Threat Intelligence Feeds?

    While cyber threat intelligence hype is at an all-time high across the industry, many enterprise organizations are actually building internal programs and processes for threat intelligence consumption, analysis, and operationalization.

  • video
    Jul 15, 2015

    ESG Welcomes Doug Cahill

    Senior Principal Analyst Jon Oltsik welcomes Senior Analyst Doug Cahill to ESG's Cybersecurity segment.

  • Blogs
    Jul 14, 2015

    Cybersecurity Lessons from W. Edwards Deming

    In 2014, ESG published a research report on network security. Cybersecurity professionals working at enterprise organizations (i.e., more than 1,000 employees) were asked to identify some of their biggest network security challenges.

  • Blogs
    Jul 9, 2015

    Enterprise Objectives for Threat Intelligence Programs

    It wouldn’t be a stretch to call 2015 the year of threat intelligence. In February, President Obama signed an executive order at a cybersecurity event held at Stanford University that encourages and promotes threat intelligence sharing between the private sector and federal government. Meanwhile, the US Congress has introduced several threat sharing bills of their own. And at the annual RSA Security Conference in April, threat intelligence was clearly one of the primary topics of discussion among cybersecurity professionals, technology vendors, and government representatives.

  • briefs
    Jul 7, 2015

    Tanium Helping Enterprises Regain Control of Endpoints

    Endpoint security is getting more difficult as organizations struggle to manage, secure, and inventory their devices. IT security professionals are expected to support bring-your-own-device (BYOD) and mobility initiatives, but the realities of implementing those initiatives at scale can be overwhelmingly complex. Organizations seeking to improve their operational efficiency when it comes to endpoint management and security may want to investigate Tanium, a security vendor that can help organizations manage and secure endpoints in a variety of ways.

  • Blogs
    Jul 7, 2015

    Beware Cybersecurity Charlatanism

    Cybersecurity headlines have a new angle lately. Aside from discussions about the OPM breach and Chinese cyber-espionage, there are also lots of stories about 52-week high stock prices of cybersecurity darlings like CyberArk, FireEye, Palo Alto Networks, and Splunk. I’ve also read reports about imminent IPOs and investment firms that created several new cybersecurity ETFs.

  • briefs
    Jul 6, 2015

    FireEye Broadening Endpoint Security Platform to Include Threat Protection

    FireEye recently unveiled an expanded endpoint threat protection platform that includes the prevention of endpoint attacks. FireEye has ridden a tremendous amount of momentum in security investigation, endpoint forensics, and professional services, yet endpoint protection has not been considered a foundational strength. This offering should change that perception by positioning FireEye as a more holistic endpoint security provider for organizations—before, during, and after a cyber-attack.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 

Full Biography