Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

ESG Brief: COVID-19 Readiness: The Cyber-awareness and Employee Productivity Connection

Abstract:

When employees were sent home to work due to COVID-19, cybersecurity teams had to adjust their defenses accordingly. This was especially true due to a massive increase in coronavirus-related cyber-threats. In this environment, security awareness training is especially important, but too many training programs are a mere formality, conducted purely to satisfy a corporate governance or regulatory compliance requirement. ESG research illustrates that comprehensive security training is worthwhile as organizations with thorough training programs were more responsive to COVID-19 cyber-threats and had greater employee productivity. As such, CISOs should eschew “checkbox” training and persuade HR and executives to embrace more thorough security awareness training programs with demonstrable benefits and ROI.

Topics: Cybersecurity cybersecurity education COVID-19 Tech Effect

ESG Brief: Security Infrastructure and Market Changes in Progress

Abstract:

Large organizations built their security infrastructure organically over time, adding new tools as countermeasures to emerging threats. Unfortunately, this created a messy situation where security must be monitored and managed on a tool-by-tool basis. CISOs have had enough—ESG research indicates that they are consolidating vendors and integrating tools into more cohesive technology architectures. These strategic changes will impact the way security technologies are purchased and sold in the future, which will have a downstream impact on the entire security technology industry.

Topics: Cybersecurity cybersecurity technology platform

ESG Brief: Toward Cybersecurity Platforms

Abstract:

For years, organizations anchored their security technology infrastructure with best-of-breed point tools, but this strategy is no longer adequate. Why? The lack of integration strains resources and leads to operational overhead. ESG research indicates that many organizations are now willing to replace these point tools with integrated cybersecurity technology platforms from a single vendor. This transition will impact enterprise cybersecurity technology purchasing and operations while simultaneously altering the security technology market.

Topics: Cybersecurity cybersecurity technology platform

ESG Brief: Cybersecurity Vendor Consolidation Efforts

Abstract:

Too many large organizations still anchor security to an army of disconnected point tools and rely on the cybersecurity staff to piece everything together. This strategy is ineffective, inefficient, and increases cyber-risk. CISOs have had enough as many are actively integrating cybersecurity technologies and consolidating the number of vendors with whom they do business. As this trend progresses, large organizations will buy a lot more of their cybersecurity technologies from a handful of vendors, which will tilt the market toward an emerging breed of enterprise-class cybersecurity vendors offering the right products, services, and partner ecosystems.

Topics: Cybersecurity

ESG Research Report: The Life and Times of Cybersecurity Professionals 2020

Abstract:

In late 2019 and early 2020, the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA) conducted the fourth annual research project focused on the lives and experiences of cybersecurity professionals. This year’s report is based on data from a survey of 327 cybersecurity professionals and ISSA members. Ninety-two percent of survey respondents resided in North America, 4% came from Europe, 3% from Asia, and 1% from Central/South America.

Topics: Cybersecurity cybersecurity skills shortage

ESG Research Report: The Impact of the COVID-19 Pandemic on Cybersecurity

Abstract:

As the global impact of COVID-19 manifested itself in the US in the middle of March, ESG and ISSA decided to conduct an in-depth survey in April 2020 of 364 cybersecurity and IT professionals from the global ISSA member list. The study was a point in time assessment of challenges posed by the pandemic. It is likely that challenges and solutions will continue to evolve over the next few years.

Topics: Cybersecurity COVID-19 Tech Effect Covid-19

ESG Brief: 2020 Cybersecurity Spending Trends

Abstract:

Most organizations will increase cybersecurity spending in 2020, driven by the desire to protect business processes and counteract dangerous threats. In fact, organizations targeted by cyber-attacks like ransomware are far more likely to increase spending than those that have not. While most are likely to invest in AI/ML-based analytics, data security, network security, and application security, CISOs will spread budget dollars around in many areas. The data indicates that many organizations are in the process of reengineering their entire cybersecurity infrastructure in an attempt to improve efficacy, streamline security operations, and support new technology-driven business processes.

Topics: Cybersecurity

ESG Master Survey Results: Enterprise-class Cybersecurity Vendor Sentiment

Abstract:

ESG conducted a comprehensive online survey of IT professionals at private- and public-sector organizations in North America (US and Canada) between December 9, 2019 and December 17, 2019. To qualify for this survey, respondents were required to be IT/information security professionals responsible for or familiar with their organization’s cybersecurity environment and strategy.

The data in this master survey results set covers:

  • The cybersecurity technology landscape.
  • Perceptions of and requirements for enterprise-class cybersecurity vendors.
  • Enterprise-class cybersecurity platforms.
  • Security sentiment for cloud service providers.
Topics: Cybersecurity

ESG Research Report: The rise of cloud-based security analytics and operations technologies

Abstract:

Security analytics and operations can be complex, requiring highly skilled professionals and detailed processes. To overcome these issues, security teams tend to deploy an array of security analytics tools and technologies to collect, process, analyze, and act upon growing volumes of security telemetry. Despite this investment, however, many organizations continue to find it difficult to manage cyber risk or detect and respond to cyber incidents.

How can CISOs address these issues and develop effective security analytics and operations processes? In order to get more insight into these trends, ESG surveyed 406 IT and cybersecurity professionals at organizations in North America (US and Canada) involved with the planning, implementation, and/or operations of their organization’s information security policies, processes (including purchase decisions), or technical safeguards and familiar with their organization’s collection and/or analysis of security data in support of information security management strategy

Topics: Cybersecurity Data Platforms, Analytics, & AI Cloud Services & Orchestration

ESG Master Survey Results: Cloud-scale Security Analytics Survey

Abstract:

ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

This Master Survey Results presentation focuses on the current strategies used for security analytics and operations, including the impact of public cloud resources for processing and storing large and fast growing volumes of security data.

Topics: Cybersecurity Data Platforms, Analytics, & AI Cloud Services & Orchestration