Most Recent Blogs

Federal cybersecurity boondoggle: the Software Assurance Marketplace (SWAMP)

Posted: June 16, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, DHS, software assurance, software assurance marketplace

Way back in February, I wrote a blog about President Obama’s proposed Cybersecurity National Action Plan (CNAP). As part of this plan, the President called for $19 billion for cybersecurity as part of the 2017 fiscal year federal budget, a 35% increase over 2016 spending.

While CNAP has a lot of thoughtful and positive proposals, I’m troubled by the fact that federal cybersecurity programs seem to have a life of their own with little oversight or ROI benefits. I often cite DHS’s Einstein project as an example of this type of government cybersecurity waste. In my humble opinion, the feds are spending hundreds of millions of dollars on custom research and development for Einstein when commercial off-the-shelf (COTS) network security products could do the same job at a fraction of the cost.

Incident Response: More Art than Science

Posted: August 19, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, DHS, incident response, cybercrime, NIST

Five to ten years ago, the cybersecurity industry was mainly focused on incident prevention with tools like endpoint antivirus software, firewalls, IDS/IPS and web threat gateways. This perspective changed around 2010, driven by the Google Aurora and the subsequent obsession with advanced persistent threats (APTs).

The Highs and Lows of Cybersecurity Integration

Posted: May 29, 2015   /   By: Jon Oltsik   /   Tags: Information Security, Cybersecurity, DHS, FIDO, DoD

Based upon anecdotal evidence, I estimate that the average large enterprise organization uses more than 70 different security tools from an assortment of vendors. As they say in Texas, “that dog don’t hunt.” In other words, it’s nearly impossible to maintain strong security hygiene or establish best practices when the security organization is chasing cybersecurity optimization on a tool-by-tool basis.

Enterprises Need Outside-In Continuous Monitoring for Risk Management

Posted: April 24, 2014   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, Cybersecurity, Information and Risk Management, Security and Privacy, Security, risk management, DHS, Booz Allen Hamilton, Lockheed Martin, RiskIQ, BitSight, Target, CSC, CDM, cyber supply chain security, Public Cloud Service

Ask any CISO what their job entails and they are likely to respond with a common mantra: Assess IT risk, communicate IT risk to business executives, and then create and execute a mutually agreed upon plan to address risk.

Advanced Malware Detection and Response and Other Cybersecurity Services on the Rise

Posted: April 22, 2014   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, Cybersecurity, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, Dell, Security and Privacy, Security, Mandiant, Lockheed, DHS, Barracuda, Booz Allen Hamilton, bromium, Leidos, nsa, Cylance, cybercrime, CSC, Damballa, NIST, BT, NSF, mssp

Think about all of the cybersecurity industry activity with advanced malware detection and response and what comes to mind? Most people would probably focus on technology vendors like Bromium, Cylance, Damballa, FireEye, and Palo Alto Networks since these firms have garnered headlines, raised vast fortunes of VC funding, and even pushed through successful IPOs.

“Cold” Topics at RSA that Should Receive More Attention

Posted: February 21, 2014   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Security and Privacy, Security, cybersecurity skills shortage, google, Bradford Networks, Cybereason, LogRhythm, compliance, DHS, ForeScout, CybOX, Great Bay Software, Lancope, Edward Snowden, Facebook, FIDO

In my blog yesterday, I outlined the hot topics I anticipate at this year’s RSA Security Conference. Since the show is dominated by security vendors, the show hype will focus on products, services, and various technologies.

So what’s missing? A broader discussion on cybersecurity issues, trends, collective efforts, and best practices. Yes, these subjects will get some attention in presentations and break-out sessions but the show floor and cocktail party banter will lean toward a myopic security perspective around bits and bytes.

More On The Security Skills Shortage Issue

Posted: June 21, 2012   /   By: Jon Oltsik   /   Tags: Information Security, Cloud Computing, Network Security, Cybersecurity, End-User Computing, Endpoint & Application Virtualization, IT Infrastructure, Private Cloud Infrastructure, Networking, Information and Risk Management, mobile, Security and Privacy, BYOD, endpoint security, DHS, Symantec, federal government, nsa, security analytics, DoD, security skills, cloud security

I frequently peruse information security news, and recently came across this article. The article highlights Symantec CEO Enrique Salem's warning of a shortage of talented cybersecurity professionals in the United States. Furthermore, this shortage is especially pronounced where it may be needed most -- law enforcement, intelligence agencies, and the Department of Defense.

CIOs Should Prepare for the London 2012 Olympics

Posted: June 13, 2012   /   By: Jon Oltsik   /   Tags: End-User Computing, Data Management & Analytics, IT Infrastructure, Networking, Information and Risk Management, Enterprise Software, mobile, Security and Privacy, DHS, Data Analytics, Content Management, Search, Social Enterprise, cybercrime, Archiving, London, WAN Optimization, BlueCoat, web application security

The London Olympics kick off on July 27, about 5 weeks from now. Naturally, the Olympics represents international competition, athletic achievement, and host-country pomp and circumstance. Great entertainment as always but CIOs and CISOs should pay more than casual attention to the London games for several reasons:
