Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

ESG Master Survey Results: Cybersecurity in the C-suite and Boardroom

Abstract:

ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

This Master Survey Results presentation focuses on identifying the role of cybersecurity within the overall corporate mission and understanding the existing processes and communications between security managers, business executives, and corporate boards.

Topics: Cybersecurity

ESG Research Report: The Impact of XDR in the Modern SOC

Abstract:

Threat detection and response is a core component of modern security programs, driving investment in tools to improve visibility, efficacy, and efficiency. As organizations commit to and extend EDR, NDR, or other security analytics solutions in support of broad threat detection and response programs, new opportunities arise for XDR. Organizations can increase business agility when threats are better understood and controlled. Rapidly and effectively correlating alerts across multiple threat vectors leads to increased threat visibility, more rapid and automated response and mitigation, and a reduced dependence on highly skilled security analysts.

Topics: Cybersecurity MDR XDR

ESG Research Report: Cybersecurity in the C-Suite and Boardroom

Abstract:

As organizations embrace digital transformation initiatives, business outcomes become inexorably linked to technology areas like application development, cloud computing, and IoT devices. Therefore, these technology assets must be protected to ensure continuity of business operations. The link between cybersecurity and the business has led to an industry declaration that, “Cybersecurity is a boardroom issue.” This statement is true yet simplistic. Executives and corporate directors have a fiduciary responsibility to shareholders and/or owners, so they are ultimately responsible for everything that drives the business, including managing cyber-risk and safeguarding business-critical technology assets. That said, cybersecurity can be a highly technical discipline. This brings up a few questions: Do executives really understand cybersecurity and its role in the business? And as technology further dominates the business landscape, are they investing appropriately in cybersecurity and driving a cybersecurity culture throughout their organizations?

To explore the answers to these and other questions, ESG surveyed 365 senior business, cybersecurity, and IT professionals at organizations in North America (US and Canada) and Western Europe (UK, France, and Germany) working at midmarket (i.e., 100 to 999 employees) and enterprise-class (i.e., more than 1,000 employees) organizations

Topics: Cybersecurity

ESG Master Survey Results: Incident Readiness Trends

Abstract:

ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between June 25, 2019 and July 8, 2019. To qualify for this survey, respondents were required to be IT and information security professionals responsible for the policies, processes, or technical safeguards used for incident readiness and response at their organization.

This Master Survey Results presentation focuses on incident readiness services, including understanding the trigger points influencing service investments for breach preparation and proactive exercises, as well as how decision makers are prioritizing and timing purchase decisions.

Topics: Cybersecurity

ESG Brief: COVID-19 Readiness: The Cyber-awareness and Employee Productivity Connection

Abstract:

When employees were sent home to work due to COVID-19, cybersecurity teams had to adjust their defenses accordingly. This was especially true due to a massive increase in coronavirus-related cyber-threats. In this environment, security awareness training is especially important, but too many training programs are a mere formality, conducted purely to satisfy a corporate governance or regulatory compliance requirement. ESG research illustrates that comprehensive security training is worthwhile as organizations with thorough training programs were more responsive to COVID-19 cyber-threats and had greater employee productivity. As such, CISOs should eschew “checkbox” training and persuade HR and executives to embrace more thorough security awareness training programs with demonstrable benefits and ROI.

Topics: Cybersecurity cybersecurity education COVID-19 Tech Effect

ESG Brief: Security Infrastructure and Market Changes in Progress

Abstract:

Large organizations built their security infrastructure organically over time, adding new tools as countermeasures to emerging threats. Unfortunately, this created a messy situation where security must be monitored and managed on a tool-by-tool basis. CISOs have had enough—ESG research indicates that they are consolidating vendors and integrating tools into more cohesive technology architectures. These strategic changes will impact the way security technologies are purchased and sold in the future, which will have a downstream impact on the entire security technology industry.

Topics: Cybersecurity cybersecurity technology platform

ESG Brief: Toward Cybersecurity Platforms

Abstract:

For years, organizations anchored their security technology infrastructure with best-of-breed point tools, but this strategy is no longer adequate. Why? The lack of integration strains resources and leads to operational overhead. ESG research indicates that many organizations are now willing to replace these point tools with integrated cybersecurity technology platforms from a single vendor. This transition will impact enterprise cybersecurity technology purchasing and operations while simultaneously altering the security technology market.

Topics: Cybersecurity cybersecurity technology platform

ESG Brief: Cybersecurity Vendor Consolidation Efforts

Abstract:

Too many large organizations still anchor security to an army of disconnected point tools and rely on the cybersecurity staff to piece everything together. This strategy is ineffective, inefficient, and increases cyber-risk. CISOs have had enough as many are actively integrating cybersecurity technologies and consolidating the number of vendors with whom they do business. As this trend progresses, large organizations will buy a lot more of their cybersecurity technologies from a handful of vendors, which will tilt the market toward an emerging breed of enterprise-class cybersecurity vendors offering the right products, services, and partner ecosystems.

Topics: Cybersecurity

ESG Research Report: The Life and Times of Cybersecurity Professionals 2020

Abstract:

In late 2019 and early 2020, the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) conducted the fourth annual research project focused on the lives and experiences of cybersecurity professionals. This year’s report is based on data from a survey of 327 cybersecurity professionals and ISSA members. Ninety-two percent of survey respondents resided in North America, 4% came from Europe, 3% from Asia, and 1% from Central/South America.

Topics: Cybersecurity cybersecurity skills shortage

ESG Research Report: The Impact of the COVID-19 Pandemic on Cybersecurity

Abstract:

As the global impact of COVID-19 manifested itself in the US in the middle of March, ESG and ISSA decided to conduct an in-depth survey in April 2020 of 364 cybersecurity and IT professionals from the global ISSA member list. The study was a point in time assessment of challenges posed by the pandemic. It is likely that challenges and solutions will continue to evolve over the next few years.

Topics: Cybersecurity COVID-19 Tech Effect Covid-19