Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

Is Cybersecurity Really an Issue in the Boardroom and C-Suite?

Somewhere around 2015, the security industry adopted a new mantra, “cybersecurity is a boardroom issue.” This statement was supported by lots of independent research, business press articles, webinars, local events, and even sessions at RSA and Black Hat crowing about the burgeoning relationship between CISOs, business executives, and corporate boards.

At the beginning of last year, I noticed that boardroom buzz about cybersecurity hadn’t really changed over the past 5 years – same old tired rhetoric and hyperbole. Hmm. Certainly, things must have progressed in that 5-year timeframe, right?

Topics: Cybersecurity

SOAPA Interview with ThreatQuotient, Part 2 (Video)

In continuing my chat with Marc Solomon, CMO of ThreatQuotient, Marc and I discuss:

  1. SOC integration. At its heart, SOAPA is an integrated heterogeneous technology architecture for security operations, so I ask Marc how integration plays into ThreatQ’s strategy. Marc mentions that the platform includes bi-directional integration where ThreatQ consumes and provides data. What type of data? External threat data, enriched data, event data, etc. ThreatQuotient can be used as a SOAPA data broker, acting as the single source of truth for security operations.
Topics: Cybersecurity SOAPA

SOAPA Interview With Marc Solomon of ThreatQuotient, Part 1

Marc Solomon, CMO of ThreatQuotient, and I had a chance to get together and talk SOAPA recently. In part 1 of our video, Marc gives a brief description of what ThreatQ does and then we proceed to chat about:

  1. What’s the deal with cyber threat intelligence (CTI)? For every SOC manager who tells me that threat intelligence is the foundation of security operations, another says that his or her organization struggles to operationalize threat intelligence. What’s going on here? Marc believes the term “threat intelligence” is somewhat poisoned and meaningless today. The real key is to collect, process, analyze, and act upon the CTI that aligns with your organization’s infrastructure, industry, location, etc., and then integrate it into every aspect of security ops.
Topics: Cybersecurity SOAPA

SOAPA Interview with Dr. Anton Chuvakin of Google Chronicle, Part 2 (Video)

Anton Chuvakin knows his stuff, so I was excited to have him participate in ESG’s SOAPA video series. In part 2 of our video, Anton and I chat about:

  1. Security data. I mention to Anton that many SOC teams are buried in large volumes of security telemetry and then ask if we are trying to collect, process, and analyze more data than we need. Anton responds that we have too much “dirty data” that really isn’t useful. Therefore, the challenge is understanding which telemetry is useful, how it’s useful, and which other data elements we need for data enrichment to improve the efficacy and efficiency of our analytics.
Topics: Cybersecurity SOAPA

SOAPA Interview with Dr. Anton Chuvakin of Google Chronicle (Video)

I’ve long admired the work of Dr. Anton Chuvakin, head of solution strategy at Google Chronicle. Anton really knows security analytics and operations so now that he’s no longer a Gartner analyst, it was great to have him participate in the SOAPA video series. In part 1, Anton and I discuss:

  • Detection as code. In a recent blog, Anton proposes, "detection as code." The thought here is that you want to “devops” your detections to keep up with threats and strive for constant improvement. This is an intriguing concept that may be especially useful for large organizations in specific industries under attack. We have focused industry ISACs, why not focused industry detection code?
Topics: Cybersecurity SOAPA

SOAPA Interview With Sam Curry of Cybereason, Part 2 (Video)

Old friend and Cybereason CSO Sam Curry and I got together (virtually) to chat about all things SOAPA. In part 2 of our video, we focus on:

  • This newish thing called XDR. My colleague Dave Gruber and I are all over XDR as analysts, so I asked Sam for his thoughts. Sam thinks of XDR as taking EDR to the next level. He even broke down the acronym, stating that the X signified telemetry independence. The “D” in XDR is somewhat overstated; Sam is really focused on the importance of the R, response, as security is about blocking (not finding) the bad guys. In the end, XDR should be a force multiplier for the cybersecurity staff.
Topics: Cybersecurity SOAPA

SOAPA Interview With Sam Curry of Cybereason, Part 1 (Video)

I’ve known Cybereason CSO Sam Curry for years, so it was a pleasure to lure him to ESG’s virtual studio for a SOAPA video. In part 1 of our 2-part series, Sam and I discuss:

  • Why EDR? Sam describes how, unlike SIEM, EDR is designed for one specific purpose – finding the bad guys. The best EDR solutions identify signals in all the noise, alert humans about malicious activities, and make it easy for them to take action.
Topics: Cybersecurity SOAPA

XDR Market Challenges

XDR may succeed but XDR vendors face deployment challenges and competition on several fronts.

My colleague Dave Gruber and I are all over this new concept called XDR. Just what is this new acronym all about? In a recent CSO Online blog, I defined XDR as:

An integrated suite of security products spanning hybrid IT architectures, designed to interoperate and coordinate on threat prevention, detection, and response. XDR unifies control points, security telemetry, analytics, and operations into one enterprise system.

Hmm, sounds interesting but is there a market for yet another type of security product?

Topics: Cybersecurity

SOAPA Discussion On EDR and XDR With Jon Oltsik and Dave Gruber (Video), Part 3

My colleague Dave Gruber is such a great guest that I invited him back for an unparalleled SOAPA video part 3. In our final installment, Dave and I talk about:

Topics: Cybersecurity SOAPA

SOAPA Discussion On EDR and XDR with Jon Oltsik and Dave Gruber (Video) Part 2

In part 2 of our SOAPA video, I welcome back my astute colleague, Dave Gruber. The conversation turns to XDR, a market segment that Dave and I collaborate on. I ask Dave about:

  • The definition of XDR. It’s a nebulous industry term but Dave nails it by explaining that XDR is a method for bringing controls together to improve security telemetry collection, correlation, contextualization, and analytics. There’s also an operational side of XDR to help coordinate response and remediation across multiple controls simultaneously.
Topics: Cybersecurity SOAPA XDR