Most Recent Blogs

Enterprise Organizations Describe Weaknesses in Malware Detection and Protection

Posted: January 15, 2014   /   By: Jon Oltsik   /   Tags: IBM, Palo Alto Networks, Information and Risk Management, FireEye, Security and Privacy, Security, malware, Mandiant, Barracuda, Leidos, Target, cybercrime, CSC, Anti-malware, NIST, APT, Unisys, Splunk

Well, here we are halfway through January and you can’t cross the street without hearing about a malware attack or security breach somewhere – Neiman Marcus, Target, Yahoo, Yikes!

When my non-technical friends ask me what they should expect moving forward, I’m not exactly a beacon of hope. My usual response is something like, “get used to it, things will likely get worse.”


The Security Industry Remains Strong with Computer Science but Weak on IT

Posted: November 18, 2013   /   By: Jon Oltsik   /   Tags: IBM, Cybersecurity, Cisco, Information and Risk Management, FireEye, HP, Dell, Oracle, Security and Privacy, Security, Enterprise, SIEM, E&Y, Leidos, Accenture, CISO, saic, IPO, Security Management, CSC, Unisys

Last week, I was in Silicon Valley meeting with a parade of CISOs and security vendors. Business travel is no “day at the beach,” but these trips really help me keep up with the latest enterprise security challenges and potential technology solutions.

It was also nice to spend time in the Valley and re-charge my batteries toward the security industry. There was a lot of excitement out there as a result of business growth, VC investment, and the wildly successful FireEye IPO.


The Security Skills Shortage Is Worse Than You Think

Posted: August 30, 2012   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, Check Point, Palo Alto Networks, Private Cloud Infrastructure, Information and Risk Management, Sourcefire, HP, Dell, McAfee, Security and Privacy, BYOD, Raytheon, Lockheed Martin, trend micro, Symantec, saic, CSC, BT, Verizon, Unisys, Server Virtualization, security skills, Public Cloud Service

I’ve written a lot about the security skills shortage but it is worth reviewing a bit of data here for context. According to ESG Research, 55% of enterprise organizations (i.e., those with more than 1,000 employees) plan to hire additional security professionals in 2012 but they are extremely hard to find. In fact, 83% of enterprises claim that it is “extremely difficult” or “somewhat difficult” to recruit and/or hire security professionals in the current market.

Given this data, it is fair to assume that many IT security organizations are short-staffed and pushing the security team to its limits. As if this wasn’t bad enough, ESG data also points to 3 trends that exacerbate the security skills shortage, further impacting the effectiveness of the precious few security personnel in place:

  1. Critical skills deficits. Along with the shortage of staff, many organizations report that their security staff lacks skills in critical areas such as network security, cloud computing/server virtualization security, mobile device security, and security analysis/forensics.
  2. Security staff time management. Large organizations indicate that one of their biggest problems is that their security professionals spend an inordinate amount of their time putting out fires. This limits the time for other more proactive security activities.
  3. Security tools complexity and lack of automation. Security vendors built tools rich in feature/functionality and designed for customization. Unfortunately, many large organizations don’t have the time or staff necessary to fine-tune them or develop expertise in their use.

Big Data Security Is Inevitable

Posted: July 12, 2012   /   By: Jon Oltsik   /   Tags: IBM, Big Data, Data Management & Analytics, Hadoop, Information and Risk Management, HP, Dell, McAfee, Enterprise Software, Security and Privacy, risk management, NoSQL, SIEM, Data Analytics, Symantec, RSA, log management, Cassandra, security analytics, BT, Verizon, Unisys, vulnerability management, threat management, Tibco

There's been a fair amount of discussion about the fact that security analytics is becoming a big data problem. I participated on a big data security panel at RSA and I believe there were a few others on this topic as well.


Security Services Continue to Grow -- In the Enterprise

Posted: June 27, 2012   /   By: Jon Oltsik   /   Tags: IBM, Cloud Computing, EMC, Private Cloud Infrastructure, Information and Risk Management, HP, Security and Privacy, Security, SIEM, Symantec, RSA, CISO, CSC, BT, mssp, Verizon, Unisys, security services, venture capital, Server Virtualization, security skills, Public Cloud Service

In my last blog, I presented some data about the extremely critical but often ignored security skills shortage. While 55% of enterprise organizations (i.e., more than 1,000 employees) plan to add information security headcount this year, 83% say it is "extremely difficult" or "somewhat difficult" to recruit and hire these folks.


Anticipating the RSA Conference 2012

Posted: February 02, 2012   /   By: Jon Oltsik   /   Tags: Information and Risk Management, Juniper, Sourcefire, FireEye, Security and Privacy, sap, LogRhythm, trend micro, RSA Security, Rackspace, cybercrime, Damballa, Unisys

It's now February although you'd never know it from the balmy winter here in Boston. Aside from Valentine's Day, February is significant because it is when security geeks from around the world get together in San Francisco for the RSA Conference.


Information Security Budgets Will Increase in 2012

Posted: January 24, 2012   /   By: Jon Oltsik   /   Tags: IBM, Network Security, Check Point, Cisco, Information and Risk Management, Juniper, Sourcefire, FireEye, HP, McAfee, Security and Privacy, SIEM, Symantec, ISC2, Damballa, Unisys, security skills, IT, security spending

As part of our annual IT Spending Intentions survey, ESG asks IT professionals about overall spending trends for the coming year. Our 2012 IT Spending Intentions survey is set to be published soon, and I got a peek at the data recently. Like other analyst firms, ESG found that IT budgets will increase in 2012, albeit at a modest rate.
