Most Recent Blogs

What is an Enterprise-class Cybersecurity Vendor?

Posted: August 17, 2017   /   By: Jon Oltsik   /   Tags: Information Security, IBM, Cybersecurity, Cisco, McAfee, Symantec, CISO, NIST, ISSA

Question-mark.jpgOn Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list. 

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions, they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.
Read More

Cybersecurity Analytics and Operations Skills Shortage

Posted: August 10, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, CISO, security analytics, mssp, security operations, ISSA, SOC

skill-shortage-cyber.jpgIf you’ve followed my writing, you know that I passionately broadcast issues related to the global cybersecurity skills shortage. Allow me to report some sad news: Things aren’t improving at all. In 2016, 46% of organizations reported a problematic shortage of cybersecurity skills. In 2017, the research is statistically the same as last year; 45% of organizations say they have a problematic shortage of cybersecurity skills.

Read More

Cybersecurity Skills Shortage Impact on Technology Innovation

Posted: April 25, 2017   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, ISSA, SOAPA, security operations and analytic platform

I continue to research and write about the ongoing global cybersecurity skills shortage. For example, ESG research indicates that 45% of organizations report a problematic shortage of cybersecurity skills today, more than any other area within IT.

Want more?  Here are a few tidbits from last year’s research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members:

Read More

Cybersecurity Skills Shortage Threatens the Mid-market

Posted: April 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, NIST, ISSA

skills-training.jpgESG conducts an annual global survey of IT and cybersecurity professionals, and this year’s survey included 641 global respondents. Each year, these respondents are asked to identify the area where their organizations have a problematic shortage of skills.  or the sixth year in a row, cybersecurity skills topped the list—this year, 45% of respondents say that their organization has a problematic shortage of cybersecurity skills. 

Read More

People, Process, and Technology Challenges with Security Operations

Posted: April 11, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, SIEM, network security operations, ISSA, SOAPA, SOC

sharing_in_business.jpgThese days, it’s tough for any organization to keep up with cybersecurity operations. Why? Well the bad guys are pretty persistent for starters, launching a blitzkrieg of attacks and new types of exploits all the time. 

Okay, hackers are relentless but we’ve always known this and their behavior isn’t likely to change anytime soon. What’s really disturbing, however, is that a lot of problems associated with cybersecurity are based upon our own intransigence. And organizations aren’t struggling with one issue, rather, cybersecurity operations challenges tend to be spread across people, processes and technology. When it comes to security operations, it’s kind of a ‘death by a thousand cuts’ situation. 

Read More

Cybersecurity Skills Shortage Holding Steady

Posted: March 07, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, ISSA

skills-shortage.jpgThe cybersecurity skills shortage is nothing new—I’ve been writing about it for years, as have other analysts and researchers.  I’ve also done countless presentations on this topic. Here’s a video where I’m interviewed on the cybersecurity skills shortage at the RSA Conference a few years ago. I also presented on this topic at the RSA Conference that same year. 

Read More

IT Experience Can Be Beneficial for a Cybersecurity Career

Posted: March 01, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, ISSA

training.jpgGiven my interest in cybersecurity skills and training, I’m contacted by academic institutions, professional organizations, and training companies with news about some type of cybersecurity education curriculum. This isn’t surprising given the global shortage of cybersecurity skills. New ESG research discloses that 45% of organizations report a problematic shortage of cybersecurity skills in 2017.

Clearly we need more smart and well-prepared people to enter the cybersecurity ranks but it’s important to note that most cybersecurity professionals don’t enter the workforce directly from college or training programs. According to research conducted in 2016 by ESG and the Information Systems Security Association (ISSA), 78% of cybersecurity professionals follow a more indirect route. These folks start their careers as IT professionals and make their way into cybersecurity as their careers progress. (Note:  The two ESG/ISSA research reports are available for free download here).

Read More

Remarkably, Many Organizations Still Opt for 'Good Enough' Cybersecurity

Posted: January 23, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, malware, CISO, cybercrime, ISSA

security_key.jpgLate last year, ESG published a research report titled Through the Eyes of Cyber Security Professionals, in collaboration with the Information Systems Security Association (ISSA). As part of this report, 437 cybersecurity professionals and ISSA members were asked if they’d experienced a number of types of security incidents.  The research revealed that:

  • 39% of organizations experienced one or several security incidents resulting in the need to reimage one or several endpoints or servers.
  • 27% of organizations experienced one or several incidents of ransomware.
  • 20% of organizations experienced one or several incidents resulting in the disruption of a business application.
  • 19% of organizations experienced one or several incidents resulting in the disruption of a business process.

Read More

Looking Back to Look Forward on Cybersecurity

Posted: December 22, 2016   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, NIST, cloud security, ISSA

city_road.jpgBy now, everyone in our industry has provided 2017 cybersecurity predictions and I’m no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill.

Read More

New Research Reveals Cybersecurity Skills Shortage Impact

Posted: December 16, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, NICE, NIST, ISSA

skills-shortage.jpgWhen it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little” as I’ve been screaming about this issue for the last 5 years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations said that they have a problematic shortage of cybersecurity skills.

Read More

Posts by Topic

see all