Most Recent Blogs

What is an Enterprise-class Cybersecurity Vendor?

Posted: August 17, 2017   /   By: Jon Oltsik   /   Tags: Information Security, IBM, Cybersecurity, Cisco, McAfee, Symantec, CISO, NIST, ISSA

On Monday of this week, I posted a blog about enterprise-class cybersecurity vendors. Which vendors are considered enterprise-class? According to recent ESG research, Cisco, IBM, Symantec, and McAfee top the list.

This blog addressed the “who” question but not the “what.” In other words, just what is an enterprise-class cybersecurity vendor anyway? As part of its research survey, ESG asked 176 cybersecurity and IT professionals to identify the most important characteristics of an enterprise-class cybersecurity vendor. The data reveals that:

  • 35% of survey respondents say the most important attribute for an enterprise-class cybersecurity vendor is cybersecurity expertise specific to their organization’s industry. In other words, enterprise-class cybersecurity vendors need more than horizontal security solutions; they need to understand explicit industry business processes, regulations, organizational dynamics, global footprints, etc.

Cybersecurity Skills Shortage Threatens the Mid-market

Posted: April 21, 2017   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, CISO, NIST, ISSA

ESG conducts an annual global survey of IT and cybersecurity professionals, and this year’s survey included 641 global respondents. Each year, these respondents are asked to identify the area where their organizations have a problematic shortage of skills. For the sixth year in a row, cybersecurity skills topped the list—this year, 45% of respondents say that their organization has a problematic shortage of cybersecurity skills.


Looking Back to Look Forward on Cybersecurity

Posted: December 22, 2016   /   By: Jon Oltsik   /   Tags: Network Security, Cybersecurity, endpoint security, NIST, cloud security, ISSA

By now, everyone in our industry has provided 2017 cybersecurity predictions and I’m no exception. I participated in a 2017 infosec forecast webcast with industry guru Bruce Schneier, and ESG also published a video where I exchanged cybersecurity prophecies with my colleague Doug Cahill.


New Research Reveals Cybersecurity Skills Shortage Impact

Posted: December 16, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, NICE, NIST, ISSA

When it comes to the cybersecurity skills shortage, I am somewhat of a “Chicken Little” as I’ve been screaming about this issue for the last 5 years or so. As an example, ESG research conducted in early 2016 indicated that 46% of organizations said that they have a problematic shortage of cybersecurity skills.


Trump Cybersecurity Dos and Don’ts

Posted: December 02, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, NICE, nsa, NIST, NSF, Barack Obama, Donald Trump, United States of America

President-elect Donald Trump ran a campaign focused on national security and making America great again through economic reform. Clearly both goals should include policies and programs to bolster the nation’s cybersecurity capabilities. This shouldn’t be an abstract concept to Mr. Trump after an election cycle featuring Russian hacks and WikiLeaks posts.

To reinforce this priority, it is also worth noting that in a pre-election survey by ESG research, 49% of cybersecurity professionals said that cybersecurity is a critical issue and should be the top national security priority for the next President while 45% said cybersecurity is a very important issue and should be one of the top national security priorities for the next President. If those citizens on the front-line see cybersecurity as a major priority, this should speak volumes to the President-elect. 


Cybersecurity salary inflation — a red flag

Posted: April 18, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, cybersecurity skills shortage, NICE, NIST

If you follow my blog at all you know that I am quite passionate about the cybersecurity skills shortage and its ramifications. Just to put this issue in perspective, ESG research indicates that 46% of organizations claim they have a “problematic shortage” of cybersecurity skills in 2016 as compared to 28% in 2015. 


Henry Ford and Incident Response

Posted: February 12, 2016   /   By: Jon Oltsik   /   Tags: Cybersecurity, incident response, NIST

In the early 1900s, Henry Ford was intent on making the Model T an affordable car for the masses. To do so he had to figure out a way to vastly improve the company’s manufacturing efficiency in order to lower consumer prices. Ford solved this problem by adopting a modern manufacturing assembly line based upon four principles: interchangeable parts, continuous flow, division of labor, and reducing wasted efforts.


Incident Response: More Art than Science

Posted: August 19, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, DHS, incident response, cybercrime, NIST

Five to ten years ago, the cybersecurity industry was mainly focused on incident prevention with tools like endpoint antivirus software, firewalls, IDS/IPS and web threat gateways. This perspective changed around 2010, driven by the Google Aurora and the subsequent obsession with advanced persistent threats (APTs).


Cybersecurity, Critical Infrastructure, and the Federal Government

Posted: April 29, 2015   /   By: Jon Oltsik   /   Tags: Cybersecurity, US government, NIST, Critical Infrastructure, Critical Infrastructure Protection

The term “critical infrastructure” is used by governments around the world to describe industries and physical assets deemed essential to their economies and national security. Critical infrastructure industries include agriculture, electricity generation, financial services, health care, telecommunications, and government services like law enforcement and the water supply (i.e., drinking water, waste water, dams, etc.).


Advanced Malware Detection and Response and Other Cybersecurity Services on the Rise

Posted: April 22, 2014   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, Cybersecurity, Palo Alto Networks, Cisco, Information and Risk Management, FireEye, HP, Dell, Security and Privacy, Security, Mandiant, Lockheed, DHS, Barracuda, Booz Allen Hamilton, bromium, Leidos, nsa, Cylance, cybercrime, CSC, Damballa, NIST, BT, NSF, mssp

Think about all of the cybersecurity industry activity with advanced malware detection and response and what comes to mind? Most people would probably focus on technology vendors like Bromium, Cylance, Damballa, FireEye, and Palo Alto Networks since these firms have garnered headlines, raised vast fortunes of VC funding, and even pushed through successful IPOs.
