Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Jon was named one of the top 100 cybersecurity influencers for 2015 by Onalytica, and is active as a committee member of the Cybersecurity Canon, a project dedicated to identifying a list of must-read books for all cybersecurity practitioners. Often quoted in the business and technical press, Jon is also engaged in cybersecurity issues, legislation, and technology discussions within the U.S. government.

Jon has an M.B.A. and a B.A. from the University of Massachusetts, Amherst. As an escape from cybersecurity intelligence and technology, he plays guitar in a rock-and-roll cover band.

Recent Posts by Jon Oltsik:

Quick Take-Aways From the RSA Security Conference

Like many others, I’m still recovering from last week’s marathon at the RSA Security Conference in San Francisco. Here’s a shotgun list of my impressions of the show:

 

Topics: Cybersecurity risk management RSA Security Conference SOAPA

Cloud Security Will (and Should) Dominate the RSA Conference

Just a few days left before this year’s RSA Conference in San Francisco and everything points to a crazy week at the Moscone Center. I’ve heard that around 50,000 people will attend and that the Moscone Center is a mess of construction right now, so just getting in and out of the buildings may be difficult. 

Now, I’ve written a lot lately about my outlook for RSA as I expect a lot of banter around endpoint security, machine learning, security operations automation and orchestration, threat intelligence, risk management, etc. Yup, there will be a smorgasbord of topics throughout the week, but cloud security will dominate this year’s RSA Conference.

Topics: Cybersecurity cloud security

Software-defined Perimeter (SDP):  Important Initiative, Ineffective Name

For the past year or so, I’ve made the following statement, "No one has an SDP budget, but everyone has an SDP requirement."

Topics: Cybersecurity google NAC software-defined perimeter BeyondCorp

Machine Learning: Security Product or Feature?

Around 2010, security analytics technologies started to integrate big data science and open source technologies like Hadoop (and HDFS), Pig, Mahout, etc. The goal? Ingest, process, and apply new types of algorithms to security data to supplement human intelligence for finding needles in growing haystacks of security data. The US Department of Energy was an early pioneer in this area with a project called Orca from the Oak Ridge National Lab. 

Topics: Cybersecurity SIEM security analytics machine learning UEBA

CISO Perspective on the RSA Security Conference

I’ve spent a good amount of time talking to CISOs over the last few months to learn about their current priorities and how their jobs are changing. Of course, many of these security executives will be attending the RSA Security Conference in a few weeks. Based upon my meetings, here’s a sample of what CISOs will be looking for in San Francisco:

Topics: Cybersecurity threat intelligence CISO SOAPA

Is It Time to Unify Endpoint Management and Security?

Yesterday, VMware announced its intention to acquire E8 Security and integrate the technology into its Workspace ONE platform. This makes sense as Workspace ONE collects, processes, and monitors data about users, applications, networks, and endpoints. Add E8 Security and you can use this very data to fingerprint devices, build models around normal usage patterns, and identify anomalies in real-time.

Topics: Cybersecurity endpoint security endpoint management

GDPR: Look Out for 'Right to Be Forgotten Storms' Ahead

According to ESG research, 11% of organizations say they are completely prepared for the GDPR deadline on May 25, 33% are mostly prepared, and 44% are somewhat prepared.

Topics: Cybersecurity data privacy GDPR data erasure

The Proactive CISO

I’ve spent a good amount of time speaking with CISOs over the past month and plan to write up a report about what I’m learning sometime after the RSA Security Conference. In the meantime, it’s become crystal clear to me that CISOs are becoming more and more proactive in their jobs in a few areas including:

Topics: Cybersecurity threat intelligence CISO privacy GDPR

Endpoint Security Suites Must Detect/Prevent Threats AND Ease Operations

Next-generation endpoint security tools may not be the stars of this year’s RSA Security conference but they are still bound to get a lot of attention. Why? Many organizations continue to move from traditional AV controls to new types of endpoint security suites built for prevention, detection, and response.

Topics: Cybersecurity endpoint security antivirus EDR

Thinking about Identity Management for the RSA Security Conference

With February behind us, the cybersecurity industry is about to experience a push toward the annual RSA Security Conference in San Francisco. I expect around 50,000 people to attend this year. It ought to be crowded, loud, and extremely passionate.

Topics: Cloud Computing Cybersecurity IAM Enterprise Mobility