Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

Big Changes Coming to Cybersecurity Technology

As 2019 winds down, security analysts like me tend to compile a list of industry predictions. I’m still working on a comprehensive list, but I’m extremely confident that we are about to see some unprecedented changes in enterprise security technology. These changes are already happening behind the scenes, but they will become much more visible in 2020 and beyond.

Topics: Cybersecurity SOAPA

Some Thoughts and Actions for Cybersecurity Awareness Month

Are you aware that October is national cybersecurity awareness month? If you aren’t, you’re not alone. There’s lots of cybersecurity awareness activities in DC, some states, and universities, but it’s all but ignored by the industry at large. 

Topics: Cybersecurity

Toward Continuous Automated Penetration and Attack Testing (CAPAT)

According to ESG research, 73% of security professionals say that cyber-risk management is more difficult at their organization today than it was 2 years ago. Why? Survey respondents point to things like the growing attack surface, the rising number of software vulnerabilities, and the increasing technical prowess of cyber-adversaries. 

Topics: Cybersecurity SOAPA

SOAPA versus SOAR

I first came up with the SOAPA concept in late 2016. Here’s the blog I wrote in November of that year describing the architecture and its rationale. 

Topics: Cybersecurity SOAPA SOAR

Can VMware Become a Leading Cybersecurity Vendor?

When you think about VMware and cybersecurity, two products have always stood out. NSX has evolved into a common micro-segmentation tool for east/west traffic within ESXi, while AppDefense monitors applications, determines “normal” behavior, and detects anomalies.

Topics: Cybersecurity VMworld

Examining and Addressing Threat Detection and Response Challenges

Detecting and responding to cyber-threats quickly can mean the difference between a cybersecurity annoyance and a costly data breach. This makes threat detection and response a critical business requirement.

Given this, you’d think that threat detection and response would be well resourced with highly-tuned processes running as efficiently as a Swiss watch. Unfortunately, this is far from true. According to ESG research, threat detection and response is fraught with numerous issues. Here is a list of the top 5 threat detection and response challenges, according to 372 enterprise cybersecurity and IT professionals:

Topics: Cybersecurity

Perceptions of Black Hat 2019

About this time every year, the cybersecurity industry heads to “summer camp” in Las Vegas, heading to BSides, Black Hat, and/or DefCon. I attended Black Hat last week along with many members of the ESG cybersecurity team. Here are a few of my takeaways:

  1. The “vibe” has changed. There used to be a clear difference between Black Hat and its larger cousin, the RSA Conference. RSA has become an industry show where you talk about business relationships, M&A activities, and VC investments. Alternatively, Black Hat was always a practitioners’ show where the buzz centered on exploits, IoCs, and defensive tactics. Alas, billions of security dollars are taking its toll on poor Black Hat – there was a definite “hurray for the industry” vibe, fraught with banal cocktail parties, Merlot-drinking VCs, and ambulance-chasing vendors. The industry needs a cold shower to remember that its job is protecting critical digital assets, not celebrating 10-baggers.
Topics: Cybersecurity Black Hat

SOAPA Video with SAS Software (Part 2)

Stu Bradley, VP of fraud and cybersecurity intelligence, recently stopped by the ESG video studio to participate in our SOAPA video series. In part 2, Stu and I discuss:

  • Cybersecurity analytics readiness. SAS talks about analytics readiness, so I pressed Stu on what the company means. Stu spoke about preparing core security analytics models that act as a foundation and can be adjusted and fine tuned for new types of threats. In other words, SAS Software works to guide customers through the cyber analytics lifecycle so they can gain business value early and often.
Topics: Cybersecurity SOAPA

Anticipating Black Hat 2019

Judging by this week’s Capital One breach and Equifax settlement, cybersecurity remains a topical if not ugly subject. The timing couldn’t be better for these unfortunate events. Why? Because the cybersecurity community will get together next week in Las Vegas for Black Hat and Defcon to discuss how to better deal with security vulnerabilities and improve threat prevention, detection, and response. 

Topics: Cybersecurity Black Hat

SOAPA Video with SAS Software (Part 1)

Stu Bradley, VP of fraud and security intelligence stopped by the ESG video studio to participate in our latest SOAPA video. 

If you are a cybersecurity professional and you don’t know SAS, I strongly suggest you watch this video (and part 2 which is posted here). SAS Software has had a leadership role in data analytics for years and is now applying its craft to cybersecurity. In part 1 of this SOAPA video, Stu and I discuss:

Topics: Cybersecurity SOAPA