Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

ESG Infographic: The Life and Times of Cybersecurity Professionals 2021

Abstract:

The cybersecurity skills shortage continues with no end in sight, but collaborative research between ESG and ISSA suggests that organizations could and should be doing more to address it.

See the data behind these trends and more with this infographic.

Topics: Cybersecurity

ESG Research Report: The Life and Times of Cybersecurity Professionals 2021 Volume V

Abstract:

In early 2021, the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) conducted the fifth annual research project focused on the lives and experiences of cybersecurity professionals. This year’s report is based on data from a global survey of 489 cybersecurity professionals.

The cybersecurity skills gap discussion has been going on for over 10 years, and the data gathered for this project confirms that there has been no significant progress toward a solution to this problem during the five years it has been closely researched. The skills crisis has impacted over half (57%) of organizations. The top ramifications of the skills shortage include an increasing workload (62%), unfilled open job requisitions (38%), and high burnout among staff (38%). Further, 95% of respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years while 44% say it has only gotten worse.

To download a complimentary copy of this report, please visit https://www.esg-global.com/esg-issa-research-report-2021.

Topics: Cybersecurity cybersecurity skills shortage

ESG Master Survey Results: The Life and Times of Cybersecurity Professionals 2021

Abstract:

ESG conducted a comprehensive online survey of information security and IT professionals from private- and public-sector organizations in North America (United States and Canada), Europe, Asia, Central/South America, and Africa between March 1, 2021 and April 7, 2021. To qualify for this survey, respondents were required to be information security and IT professionals from ISSA’s member list.

This Master Survey Results presentation focuses on the lives and experiences of cybersecurity professionals, including performance assessments of their cybersecurity leaders, as well as suggestions for what organizations can do to help cybersecurity professionals succeed.

Topics: Cybersecurity

ESG Master Survey Results: Cybersecurity in the C-suite and Boardroom

Abstract:

ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

This Master Survey Results presentation focuses on identifying the role of cybersecurity within the overall corporate mission and understanding the existing processes and communications between security managers, business executives, and corporate boards.

Topics: Cybersecurity

ESG Research Report: The Impact of XDR in the Modern SOC

Abstract:

Threat detection and response is a core component of modern security programs, driving investment in tools to improve visibility, efficacy, and efficiency. As organizations commit to and extend EDR, NDR, or other security analytics solutions in support of broad threat detection and response programs, new opportunities arise for XDR. Organizations can increase business agility when threats are better understood and controlled. Rapidly and effectively correlating alerts across multiple threat vectors leads to increased threat visibility, more rapid and automated response and mitigation, and a reduced dependence on highly skilled security analysts.

Topics: Cybersecurity MDR XDR

ESG Research Report: Cybersecurity in the C-Suite and Boardroom

Abstract:

As organizations embrace digital transformation initiatives, business outcomes become inexorably linked to technology areas like application development, cloud computing, and IoT devices. Therefore, these technology assets must be protected to ensure continuity of business operations. The link between cybersecurity and the business has led to an industry declaration that, “Cybersecurity is a boardroom issue.” This statement is true yet simplistic. Executives and corporate directors have a fiduciary responsibility to shareholders and/or owners, so they are ultimately responsible for everything that drives the business, including managing cyber-risk and safeguarding business-critical technology assets. That said, cybersecurity can be a highly technical discipline. This brings up a few questions: Do executives really understand cybersecurity and its role in the business? And as technology further dominates the business landscape, are they investing appropriately in cybersecurity and driving a cybersecurity culture throughout their organizations?

To explore the answers to these and other questions, ESG surveyed 365 senior business, cybersecurity, and IT professionals at organizations in North America (US and Canada) and Western Europe (UK, France, and Germany) working at midmarket (i.e., 100 to 999 employees) and enterprise-class (i.e., more than 1,000 employees) organizations

Topics: Cybersecurity

ESG Master Survey Results: Incident Readiness Trends

Abstract:

ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between June 25, 2019 and July 8, 2019. To qualify for this survey, respondents were required to be IT and information security professionals responsible for the policies, processes, or technical safeguards used for incident readiness and response at their organization.

This Master Survey Results presentation focuses on incident readiness services, including understanding the trigger points influencing service investments for breach preparation and proactive exercises, as well as how decision makers are prioritizing and timing purchase decisions.

Topics: Cybersecurity

ESG Brief: COVID-19 Readiness: The Cyber-awareness and Employee Productivity Connection

Abstract:

When employees were sent home to work due to COVID-19, cybersecurity teams had to adjust their defenses accordingly. This was especially true due to a massive increase in coronavirus-related cyber-threats. In this environment, security awareness training is especially important, but too many training programs are a mere formality, conducted purely to satisfy a corporate governance or regulatory compliance requirement. ESG research illustrates that comprehensive security training is worthwhile as organizations with thorough training programs were more responsive to COVID-19 cyber-threats and had greater employee productivity. As such, CISOs should eschew “checkbox” training and persuade HR and executives to embrace more thorough security awareness training programs with demonstrable benefits and ROI.

Topics: Cybersecurity cybersecurity education COVID-19 Tech Effect

ESG Brief: Security Infrastructure and Market Changes in Progress

Abstract:

Large organizations built their security infrastructure organically over time, adding new tools as countermeasures to emerging threats. Unfortunately, this created a messy situation where security must be monitored and managed on a tool-by-tool basis. CISOs have had enough—ESG research indicates that they are consolidating vendors and integrating tools into more cohesive technology architectures. These strategic changes will impact the way security technologies are purchased and sold in the future, which will have a downstream impact on the entire security technology industry.

Topics: Cybersecurity cybersecurity technology platform

ESG Brief: Toward Cybersecurity Platforms

Abstract:

For years, organizations anchored their security technology infrastructure with best-of-breed point tools, but this strategy is no longer adequate. Why? The lack of integration strains resources and leads to operational overhead. ESG research indicates that many organizations are now willing to replace these point tools with integrated cybersecurity technology platforms from a single vendor. This transition will impact enterprise cybersecurity technology purchasing and operations while simultaneously altering the security technology market.

Topics: Cybersecurity cybersecurity technology platform