Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

Security Shines at CiscoLive

Cisco held its annual customer event, CiscoLive, in San Diego this week, while hosting industry analysts like me at C-Scape. As part of the agenda, the Cisco security team provided details on its present position and future strategy. Here are a few of my takeaways:

Topics: Cybersecurity

The Most Stressful Aspects of Being a Cybersecurity Professional

ESG and the Information Systems Security Association (ISSA) just published a third annual research report titled, The Life and Times of Cybersecurity Professionals

Topics: Cybersecurity

Cybersecurity Professionals Are No Match for Cyber-Adversaries

Cybersecurity professionals are paranoid by nature. That’s not a bad thing, it’s a job requirement. We want our cybersecurity team to “think like the enemy” to discover and remediate vulnerabilities as rapidly as they possibly can. 

Aside from this cynicism, my cybersecurity friends also take great pride in what they do. Like Elliot Alderson from the TV series “Mr. Robot,” many cybersecurity professionals want to save the world (from hackers and the like). 

Topics: Cybersecurity ISSA

Is the Cybersecurity Skills Shortage Getting Worse?

I’ve been writing about the cybersecurity skills shortage for 7 years and have become the “Chicken Little” of this topic. Now, we’ve all read about the number of cybersecurity job openings out there, but what is the impact of the skills shortage on cybersecurity professionals who are gainfully employed?

Topics: Cybersecurity cybersecurity skills shortage

North Dakota: An Innovative and Leading Cybersecurity State

When you think of US States exhibiting cybersecurity leadership, which ones come to mind? For me, I’d place Maryland at the top of the list, followed by CA, MA, VA, GA, and a few others. In my view, these states exhibit good efforts around cybersecurity innovation and public/private partnerships.

Now if you pinned me down and asked me to continue my list, I’m not sure where I’d place North Dakota, a state with a population of 755k. Until recently, I had no knowledge or opinion on the state’s cybersecurity position whatsoever. That changed for me when someone from the office of the CIO in North Dakota read one of my blogs on the cybersecurity skills shortage and reached out to fill me in on the state’s cybersecurity efforts. As it turns out, North Dakota is doing quite a bit.

Topics: Cybersecurity

Five Threat Detection and Response Technologies Are Coming Together

Threat detection and response is hard and getting harder. According to ESG research, 76% of cybersecurity professionals claim that threat detection and response is more difficult today than it was two years ago, so this situation may only get worse in the future.

Why are threat detection and response processes and actions so challenging? One of the primary reasons is that many organizations approach threat detection and response through a maze of disconnected point tools. In fact, ESG research indicates that 66% of organizations agree that threat detection/response effectiveness is limited because it is based upon multiple independent point tools.

Topics: Cybersecurity

The Case for Managed Detection and Response (MDR)

According to ESG research, 82% of cybersecurity professionals agree that improving threat detection and response (i.e., mean-time to detect (MTTD), mean-time to respond (MTTR), etc.) is a high priority at their organizations. Furthermore, 77% of cybersecurity professionals surveyed say that business managers are pressuring the cybersecurity team to improve threat detection and response.

Topics: Cybersecurity

SOAPA Video with Devo (Part 2)

In part 2 of my SOAPA video with old friend Dimitri Vlachos from Devo, we discuss:

  1. Devo use cases. Dimitri describes some of the most popular security use cases for Devo, including threat detection, security analytics/investigations, and threat hunting. I’ve got to hand it to Dimitri as he came up with one of the best SOAPA video soundbites ever, “You can’t use old tools to cover new security analytics needs.”
Topics: Cybersecurity SOAPA

Endpoint Security Is Consolidating, but What Does That Mean?

In 2017, my colleague Doug Cahill conducted research on endpoint security. Back then, the research indicated that 87% of organizations were considering a comprehensive endpoint security suite rather than several disconnected endpoint security point tools.

Topics: Cybersecurity

The Case for Continuous Automated Security Validation (CASV)

Chinese military strategist Sun Tzu is quoted as saying, “if you know the enemy and you know yourself, you need not fear the results of a hundred battles.” In cybersecurity terms, this means knowing the cyber-adversaries and associated tactics, techniques, and procedures (TTPs) they use to attack your organization. Additionally, Sun Tzu’s quote extends to an organizational reflection where you must know everything about your technical, human, and even physical vulnerabilities in order to apply the best protection for critical assets.

Topics: Cybersecurity