Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

Security Analytics: It’s All About the Data

Over the past five years, we’ve seen an explosion in security data collection, processing, and analysis. As part of a recent security analytics research project, ESG found that 28% of organizations claimed that they were collecting, processing, and analyzing significantly more security data than they did 2 years ago, while another 49% were collecting, processing, and analyzing somewhat more data during the same timeframe.

Managed Security Services Will Take Center Stage at Black Hat

Black Hat has gotten a lot bigger over the past few years, so many security insiders now compare Black Hat to the RSA Security Conference circa 2012 or so. 

This is an accurate comparison from an attendance perspective but there is still a fundamental difference between the shows. In my humble opinion, RSA is an industry event, while Black Hat is more of a cybersecurity professional gathering. The focus is on cyber-adversary tactics, techniques, and procedures (TTPs), threat intelligence, and defensive playbooks. Rather than host lavish cocktail parties, vendors who participate in Black Hat must roll up their sleeves and demonstrate their technology acumen to gain street cred with this crowd.

Topics: Cybersecurity Black Hat

What’s Needed for Network Traffic Analysis (NTA)

When it comes to threat detection and response, understanding network behavior really matters. According to ESG research, 87% of organizations use network traffic analysis (NTA) tools for threat detection and response, and 43% say that NTA is a “first line of defense” for detecting and responding to threats.  

Topics: Cybersecurity

Bridging the Cyber-risk Management Gap

According to ESG research, 74% of cybersecurity professionals believe that cyber-risk management is more difficult today than it was two years ago. Respondents point to an expanding attack surface, an increase in software vulnerabilities, and more sophisticated tactics, techniques, and procedures (TTPs) from cyber-adversaries.

Okay, so there’s a cyber-risk management gap at most organizations--so what are they going to do about it? The research indicates that:

Topics: Cybersecurity

Modern Network Security Transformation

Early in my high-tech career, SUN Microsystems was thought of as a computing visionary. SUN coined an intriguing company tagline early on, "the network is the computer." What did this mean? That IT infrastructure was linked together in a loosely coupled architecture, tied together via networking technologies like Ethernet cables and the TCP/IP protocol. Thus, it was critical to engineer the network correctly to maximize network availability, performance, and business benefits.

Topics: Cybersecurity Networking

Report from AWS re:Inforce 2019

I spent the last few days at AWS re:Inforce 2019, here in Boston. It was my first AWS event and I came away with a few strong impressions:

Topics: Cybersecurity AWS re:Inforce

Cybersecurity Pros' Haphazard Participation in Data Privacy

Before GDPR became official in May 2018, I heard a similar story from many CISOs. In the past, data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight around which data was considered as private and what could and could not be done with sensitive data.

Topics: Cybersecurity

Security Shines at CiscoLive

Cisco held its annual customer event, CiscoLive, in San Diego this week, while hosting industry analysts like me at C-Scape. As part of the agenda, the Cisco security team provided details on its present position and future strategy. Here are a few of my takeaways:

Topics: Cybersecurity

The Most Stressful Aspects of Being a Cybersecurity Professional

ESG and the Information Systems Security Association (ISSA) just published a third annual research report titled, The Life and Times of Cybersecurity Professionals

Topics: Cybersecurity

Cybersecurity Professionals Are No Match for Cyber-Adversaries

Cybersecurity professionals are paranoid by nature. That’s not a bad thing, it’s a job requirement. We want our cybersecurity team to “think like the enemy” to discover and remediate vulnerabilities as rapidly as they possibly can. 

Aside from this cynicism, my cybersecurity friends also take great pride in what they do. Like Elliot Alderson from the TV series “Mr. Robot,” many cybersecurity professionals want to save the world (from hackers and the like). 

Topics: Cybersecurity ISSA