Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

3 Ways COVID-19 Is Changing CISO Priorities

According to ESG research, 62% of organizations were poised to increase spending on cybersecurity in 2020. Thirty-two percent of survey respondents said they would invest in cybersecurity technologies using AI/ML for threat detection, followed by data security (31%), network security (30%), and cloud application security (27%).

Of course, that was back in the innocent and carefree days before COVID-19. Have things changed?  Yes, and seemingly overnight. Like society at large, the cybersecurity world's priorities, strategies, and tasks have been turned upside down.

Topics: Cybersecurity COVID-19 Tech Effect

Toward a Common UI/UX for the SOC (Security Operations Center)

It’s 2020, yet many organizations still depend upon a myriad of disparate point tools for security operations, leading to many challenges. According to ESG research:

  • 35% of cybersecurity professionals say that the biggest challenges associated with managing an assortment of point tools is that it makes security operations complex and time consuming.
Topics: Cybersecurity

RSA 2020: A Review

RSA 2020 had an uninvited guest, Covid-19. Fist bumps replaced handshakes while hand sanitizing stations seemed ubiquitously stationed throughout the Moscone Center. Attendance seemed to be down due to factors like the virus panic and the withdrawal of major players like AT&T, IBM, and Verizon. 

While lots of people pulled back, the ESG team was in full attendance. Here are a few of our observations and thoughts on RSA 2020:

Topics: Cybersecurity

CISOs Are Finding Ways to Address the Cybersecurity Skills Shortage

As part of the ESG annual IT spending intentions research for 2020, respondents were asked to identify the area where their organizations have a problematic shortage of skills. Cybersecurity topped the list of problematic skills shortage areas, just as it has for the past 9 years.

Topics: Cybersecurity

Big Changes Coming to Cybersecurity Technology

As 2019 winds down, security analysts like me tend to compile a list of industry predictions. I’m still working on a comprehensive list, but I’m extremely confident that we are about to see some unprecedented changes in enterprise security technology. These changes are already happening behind the scenes, but they will become much more visible in 2020 and beyond.

Topics: Cybersecurity SOAPA

Some Thoughts and Actions for Cybersecurity Awareness Month

Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There’s lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large. 

Topics: Cybersecurity

Toward Continuous Automated Penetration and Attack Testing (CAPAT)

According to ESG research, 73% of security professionals say that cyber-risk management is more difficult at their organization today than it was 2 years ago. Why? Survey respondents point to things like the growing attack surface, the rising number of software vulnerabilities, and the increasing technical prowess of cyber-adversaries. 

Topics: Cybersecurity SOAPA

SOAPA versus SOAR

I first came up with the SOAPA concept in late 2016. Here’s the blog I wrote in November of that year describing the architecture and its rationale. 

Topics: Cybersecurity SOAPA SOAR

Can VMware Become a Leading Cybersecurity Vendor?

When you think about VMware and cybersecurity, two products have always stood out. NSX has evolved into a common micro-segmentation tool for east/west traffic within ESXi, while AppDefense monitors applications, determines “normal” behavior, and detects anomalies.

Topics: Cybersecurity VMworld

Examining and Addressing Threat Detection and Response Challenges

Detecting and responding to cyber-threats quickly can mean the difference between a cybersecurity annoyance and a costly data breach. This makes threat detection and response a critical business requirement.

Given this, you’d think that threat detection and response would be well resourced with highly-tuned processes running as efficiently as a Swiss watch. Unfortunately, this is far from true. According to ESG research, threat detection and response is fraught with numerous issues. Here is a list of the top 5 threat detection and response challenges, according to 372 enterprise cybersecurity and IT professionals:

Topics: Cybersecurity