Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

ESG Brief: 2020 Cybersecurity Spending Trends

Abstract:

Most organizations will increase cybersecurity spending in 2020, driven by the desire to protect business processes and counteract dangerous threats. In fact, organizations targeted by cyber-attacks like ransomware are far more likely to increase spending than those that have not. While most are likely to invest in AI/ML-based analytics, data security, network security, and application security, CISOs will spread budget dollars around in many areas. The data indicates that many organizations are in the process of reengineering their entire cybersecurity infrastructure in an attempt to improve efficacy, streamline security operations, and support new technology-driven business processes.

Topics: Cybersecurity

ESG Master Survey Results: Enterprise-class Cybersecurity Vendor Sentiment

Abstract:

ESG conducted a comprehensive online survey of IT professionals at private- and public-sector organizations in North America (US and Canada) between December 9, 2019 and December 17, 2019. To qualify for this survey, respondents were required to be IT/information security professionals responsible for or familiar with their organization’s cybersecurity environment and strategy.

The data in this master survey results set covers:

  • The cybersecurity technology landscape.
  • Perceptions of and requirements for enterprise-class cybersecurity vendors.
  • Enterprise-class cybersecurity platforms.
  • Security sentiment for cloud service providers.
Topics: Cybersecurity

ESG Research Report: The rise of cloud-based security analytics and operations technologies

Abstract:

Security analytics and operations can be complex, requiring highly skilled professionals and detailed processes. To overcome these issues, security teams tend to deploy an array of security analytics tools and technologies to collect, process, analyze, and act upon growing volumes of security telemetry. Despite this investment, however, many organizations continue to find it difficult to manage cyber risk or detect and respond to cyber incidents.

How can CISOs address these issues and develop effective security analytics and operations processes? In order to get more insight into these trends, ESG surveyed 406 IT and cybersecurity professionals at organizations in North America (US and Canada) involved with the planning, implementation, and/or operations of their organization’s information security policies, processes (including purchase decisions), or technical safeguards and familiar with their organization’s collection and/or analysis of security data in support of information security management strategy

Topics: Cybersecurity Data Platforms, Analytics, & AI Cloud Services & Orchestration

ESG Master Survey Results: Cloud-scale Security Analytics Survey

Abstract:

ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

This Master Survey Results presentation focuses on the current strategies used for security analytics and operations, including the impact of public cloud resources for processing and storing large and fast growing volumes of security data.

Topics: Cybersecurity Data Platforms, Analytics, & AI Cloud Services & Orchestration

ESG Brief: Toward Cybersecurity Technology Platforms

Abstract:

Enterprise organizations anchor their cybersecurity requirements with an army of disconnected point tools today, but this strategy no longer offers the scale, efficacy, or efficiency needed for preventing, detecting, and responding to cyber-attacks. To address this mismatch, ESG research indicates that many organizations are already consolidating the number of vendors and tools they use for security today, replacing point tools with integrated security technology architectures. This portends a new era of security products—cybersecurity technology “platforms.” This raises questions such as: What is a security platform? What are the most important attributes of a cybersecurity technology platform?

ESG research reveals the answers to these questions, providing a roadmap for security professionals and technology vendors.

Topics: Cybersecurity

ESG Brief: Cybersecurity Landscape: The Evolution of Enterprise-class Vendors

Abstract:

Security strategies based upon disconnected point tools are ineffective and inefficient. As a result, many organizations are consolidating security technologies and winnowing down their list of vendors while building a security architecture based upon tightly coupled security controls and services. This transition has several ramifications. On the demand side, it is altering security technology procurement behavior where organizations are spending more money with fewer vendors. Of course, this is having a boomerang effect on the supply side as security vendors integrate their products and services with the hopes of offering enterprise-class cybersecurity “platforms” covering threat prevention, detection, and response capabilities across endpoints, networks, servers, and cloud-resident workloads. This brief examines these trends through the eyes of 232 IT and cybersecurity professionals. The data reveals existing cybersecurity technology strategies and the challenges they present. It proceeds to investigate how organizations plan to address these challenges through technology integration, vendor consolidation, and a move toward cybersecurity “platforms.”

Topics: Cybersecurity

ESG Brief: Ransomware: A Priority for 2018

Abstract:

While not a new type of cyberattack, ransomware’s prominence rose dramatically in 2016 and 2017, as a result of a number of high profile attacks that impacted operations at many organizations. Research conducted by ESG reveals that a majority of organizations experienced ransomware attacks in 2017, representing a concern for both business and IT leadership teams moving forward.

Topics: Cybersecurity

ESG/ISSA Research Report: The Life and Times of Cybersecurity Professionals

Abstract:

In order to assess the experiences, careers, and opinions of cybersecurity professionals, ESG/ISSA surveyed 343 cybersecurity professionals representing organizations of all sizes, across all industries and geographic locations. Survey respondents were also ISSA members.

Survey participants represented a wide range of industries including health care, IT, financial services, manufacturing, business services, communications and media, and government.

Topics: Cybersecurity ISSA

ESG Research Report: Cybersecurity Analytics and Operations in Transition

ABSTRACT

Given an increasing focus on security analytics and operations, ESG initiated a primary research project in early 2017 to assess the state of the market. In pursuit of this goal, ESG surveyed 412 IT and information security professionals representing large mid-market (500 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America and Western Europe. Respondents surveyed for this project had intimate knowledge and direct involvement in their organizations’ security analytics and operations people, processes, and technologies.

Download the complimentary abstract.
Topics: Cybersecurity SOAPA

ESG Research Report: The Shifting Cybersecurity Landscape

Abstract:

The cybersecurity industry is populated with a plethora of vendors offering discrete solutions representing a fragmented market, historically absent of dominant leaders. The influx of venture capital funding, and, more recently, the participation of private equity firms, have contributed to a growing number of players vying for buyer mindshare and budget. However, notable M&A activity, including Symantec’s acquisition of BlueCoat, and the TPG Capital-led spinout of Intel Security, coupled with anecdotal customer feedback about point tool fatigue, indicate the cybersecurity market is at a tipping point, one that could lead to centers of power, vendor-centric ecosystems, and the emergence of a small group of enterprise-class cybersecurity vendors. These dynamics were the impetus for ESG to conduct research on both the rise of enterprise-class cybersecurity vendors and the requirements of enterprise-ready cybersecurity platforms.

Topics: Cybersecurity