Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Jon was named one of the top 100 cybersecurity influencers for 2015 by Onalytica, and is active as a committee member of the Cybersecurity Canon, a project dedicated to identifying a list of must-read books for all cybersecurity practitioners. Often quoted in the business and technical press, Jon is also engaged in cybersecurity issues, legislation, and technology discussions within the U.S. government.

Jon has an M.B.A. and a B.A. from the University of Massachusetts, Amherst. As an escape from cybersecurity intelligence and technology, he plays guitar in a rock-and-roll cover band.

Recent Posts by Jon Oltsik:

Endpoint Detection and Response (EDR) Is Coming – In One Form or Another

locked_shield.jpegA few years ago (2016), my esteemed colleague Doug Cahill and I spoke with 30 enterprise organizations on their endpoint security requirements and strategies. Based upon these discussions, we came up with a concept called the endpoint security continuum. 

On one end of the continuum lies advanced threat prevention. This software is sometimes referred to as “next-generation AV” because it uses technologies like machine learning and threat intelligence integration to improve the threat prevention capabilities of traditional AV products. 

Topics: Cybersecurity antivirus software SOAPA EDR

SOAPA Video with Bay Dynamics (Part 1)

SOAPA-Bay-Dynamics-p1.jpgBay Dynamics CMO, Jerry Skurla, stopped by ESG to discuss how the company participates in security operations and analytics platform architecture (SOAPA). In part one of our video, Jerry and I discuss:

Topics: SOAPA Bay Dynamics

ESG Research Suggests Cybersecurity Skills Shortage Is Getting Worse

Each year, ESG does an annual global survey on the state of IT – the business value of IT, new IT initiatives, areas of concern, etc. This year’s research is based upon a survey of 620 IT and cybersecurity professional across all industries, with respondents working in North America and Western Europe.

ESG asks respondents to identify areas where they have a “problematic shortage” of skills on an annual basis. Once again in 2018, survey respondents say that cybersecurity represents the biggest area where their organizations have a problematic shortage of cybersecurity skills. The #2 response was IT architecture/planning, and the #3 response was server/virtualization administration.

Topics: Cybersecurity IT Spending Intentions skills shortage

Growth in Endpoint Security as a Service in 2018

endpoint-security.jpgThe global cybersecurity skills shortage won’t ease anytime soon. In fact, there’s ample evidence to suggest that things are getting worse (more on this point soon). So, what can organizations do to bridge the skills gap? Rely on service providers for help. 

Topics: Cybersecurity cybersecurity skills shortage endpoint security antivirus mssp threat hunting 2018 Predictions GDPR

CISOs Should Examine Commercial SOAPA Offerings in 2018

For over a year now, I’ve written about a burgeoning security technology initiative that ESG calls a security operations and analytics platform architecture (SOAPA).  Here’s a link to original blog I posted about SOAPA back in November 2016. 

Topics: Cybersecurity SIEM security operations SOAPA

Why Do CISOs Change Jobs So Frequently?

Happy 2018 everyone – let’s hope that this is a good year for cybersecurity professionals and global cyber safety. 

Of course, an organization’s cybersecurity success is often a function of the effectiveness of the CISO. A strong CISO can mean the difference between functional cybersecurity and constant chaos. 

Topics: Cybersecurity cybersecurity skills shortage CISO

SOAPA Video with Kenna Security (Part 2)

In part 2 of the video with Kenna Security, CEO Karim Toubba continued to explain why and how vulnerability and risk management have a fundamental place within a security operations and analytics platform architecture (SOAPA). Our discussion focused on:

  • The cybersecurity skills shortage. Anyone who's read my blogs knows this is a frequent topic of mine as I believe the cybersecurity skills shortage represents an existential risk to all our online safety. Karim agrees that it’s a problem and believes we need to apply compute cycles and artificial intelligence algorithms to process, analyze, and act upon the growing mountain of security data.
Topics: Cybersecurity SOAPA security operations analytics platform Kenna Security

CISO’s New Year’s Resolutions

Most people have a few New Year’s resolutions – lose some weight, exercise more, spend more time with the family, etc. Based upon ESG research and many discussions with cybersecurity professionals, here’s a list of New Year’s resolutions for enterprise CISOs:

  1. Lead the effort to make cybersecurity part of the organizational culture. ESG/ISSA research indicates that 24% of organizations claim that business managers still don’t understand or support the right level of cybersecurity. In 2018, CISOs must alter this cybersecurity ignorance and apathy. How? Make a concerted effort to gain the CEO's support. Establish regular communications with all line-of-business managers. Work to better quantify risk in ways that business managers can understand and act upon. Get involved with business process initiatives before software developers begin writing code. Push HR for more hands-on training. Walk the floor and meet employees on a regular basis. CISOs must push as hard as they can in 2018. Those that make a difference can have a personal impact on risk mitigation across the organization. Those that fail should be ready to seek other employment in 2019.
Topics: Cybersecurity CISO ISSA SOAPA

SOAPA Video with Kenna Security (Part 1)

Karim Toubba, CEO of Kenna Security, stopped by the ESG studio to discuss SOAPA and its application to vulnerability management. In part 1 of our video, Karim and I discuss:

  1. The problem with vulnerability management. Vulnerability management is one of the most mature categories of cybersecurity technology so I pressed Karim on why it applies to a new architecture like SOAPA. His response was intriguing – the issue is sorting through all the data as enterprises are dealing with millions of vulnerabilities across a full technology stack from host systems to applications to cloud workloads. SOAPA and new types of data analytics can help organizations process and manage the data, making it more useful for decision making.
Topics: Cybersecurity vulnerability management SOAPA Kenna Security

Cybersecurity Past to Predict the Future

As part of the recently published research report from ESG and the information systems security association (ISSA) titled, The Life and Times of Cybersecurity Professionals, 343 infosec pros were asked to identify the cybersecurity actions their organizations have taken over the past few years. This list serves as a good foundation for what we can expect in 2018. 

The top responses were as follows:

Topics: Cybersecurity risk management NIST ISSA