Jon Oltsik

Senior Principal Analyst

  • Blogs
    Sep 2, 2015

    The RMS Titanic and Cybersecurity

    Little known fact: Yesterday was the 30th anniversary of Bob Ballard’s discovery of the RMS Titanic, several hundred miles off the coast of Newfoundland Canada. I’ve recently done some research into the ship, its builders, and its ultimate fate and believe that lessons learned from Titanic may be useful for the cybersecurity community at large.

  • esg video capsules
    Aug 31, 2015

    Threat Intelligence and Enterprise Cybersecurity Practices - Part 2 - Organizational Challenges

    In this Video Capsule series, ESG Senior Principal Analyst Jon Oltsik reviews recent ESG Research on Threat Intelligence trends.  In this segment, Jon discusses Organizational Challenges.

  • Blogs
    Aug 27, 2015

    Anticipating VMworld

    It’s the end of the summer of 2015—the nights are getting cooler, the leaves are starting to change colors, and flocks of students are abandoning the beaches of Cape Cod bound for college campuses. The seasonal change also signals another annual ritual: VMworld in San Francisco.

  • esg video capsules
    Aug 25, 2015

    ESG Video Capsule: Threat Intelligence and Enterprise Cybersecurity Practices, Part 1 - Organizational Objectives

    In this ESG Video Capsule series, ESG Senior Principal Analyst Jon Oltsik reviews recent ESG Research on Threat Intelligence trends. In this segment, Jon discusses organizational objectives.

  • Blogs
    Aug 24, 2015

    Facebook’s Threat Intelligence Sharing Potential

    Enterprise organizations are actively consuming external threat intelligence, purchasing additional threat intelligence feeds, and sharing internally-derived threat intelligence with small circles of trusted third-parties. Based upon these trends, it certainly seems like the threat intelligence market is well-established but in this case, appearances are far from reality.
  • News
    Aug 24, 2015

    4 reasons cybersecurity now requires an analytics-driven strategy - TechRepublic

  • Blogs
    Aug 19, 2015

    Incident Response: More Art than Science

    Five to ten years ago, the cybersecurity industry was mainly focused on incident prevention with tools like endpoint antivirus software, firewalls, IDS/IPS and web threat gateways. This perspective changed around 2010, driven by the Google Aurora and the subsequent obsession on advanced persistent threats (APTs).

  • Blogs
    Aug 17, 2015

    Video Recap of Black Hat 2015

    I recently attended the Black Hat 2015 conference in Las Vegas, along with ESG Senior Analyst Doug Cahill and Research Analyst Kyle Prigmore. This video summarizes our impressions of the event.
  • Blogs
    Aug 13, 2015

    Enterprises Are Analyzing Lots of Internal Cybersecurity Data

    The cybersecurity industry has been talking about the intersection of big data and cybersecurity analytics for years, but is this actually a reality or nothing more than marketing hype? The recently published ESG research report titled, Threat Intelligence and Its Role Within Enterprise Cybersecurity Practices, only reinforces my belief that big data security is tangible today, and enterprises will only double down in the future.

  • Blogs
    Aug 11, 2015

    Black Hat Boogie

    I spent all of last week in Las Vegas at Black Hat 2015. I used to pass on Black Hat, but no longer – it is a great opportunity for getting into the cybersecurity weeds with the right people who can talk about evasion techniques, malware, threat actors, and vulnerabilities. Alternatively, RSA Security conference conversations tend to center on things like IPOs, market trends, and PowerPoint presentations.

  • News
    Aug 11, 2015

    Google is moving towards the hosted desktop – but they can go one step further - Cloud Tech

  • Blogs
    Aug 3, 2015

    Cloud Security Challenges for Enterprise Organizations (Video)

    IT organizations are dealing with security issues and an increased use of cloud computing. This leads to a perfect storm of problems. In this ESG Blog Video, I discuss an upcoming ESG research project on these cloud security challenges for enterprise organizations. We will be looking to answer a lot of your questions and remove much of the confusion in the market.

  • Blogs
    Jul 30, 2015

    Black Hat Is About Cybersecurity People and Processes

    Over the past few years, the RSA Security Conference has become a marquee technology industry event. It has really outgrown its humble roots in cryptography and Layer 3 and 4 packet filtering – now RSA is where technology industry bigwigs meet, drink exquisite Napa Valley wine, get a broad perspective of the cybersecurity industry, and do deals.

  • Blogs
    Jul 28, 2015

    Cybersecurity Technology Integration Changes Everything

    I have been writing about cybersecurity technology integration a lot lately. For example, here’s a blog I posted in May of this year about the cybersecurity technology integration trends I see in the market.

  • Blogs
    Jul 24, 2015

    Cybersecurity Canon and The Florentine Deception

    I first met cybersecurity veteran, Rick Howard, when he joined Palo Alto Networks as Chief Security Officer. During our discussion, Rick mentioned an idea he was promoting for a cybersecurity canon: A list of must-read books for all cybersecurity practitioners -- be they from industry, government, or academia -- where the content is timeless, genuinely represents an aspect of the community that is true and precise, reflects the highest quality and that, if not read, will leave a hole in the cybersecurity professional’s education that will make the practitioner incomplete.

More Results:



Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. 

Full Biography