Jon Oltsik

Jon Oltsik

Jon Oltsik is an ESG senior principal analyst, an ESG fellow, and the founder of the firm’s cybersecurity service. With 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Recent Posts by Jon Oltsik:

ESG Research Report: The rise of cloud-based security analytics and operations technologies

Abstract:

Security analytics and operations can be complex, requiring highly skilled professionals and detailed processes. To overcome these issues, security teams tend to deploy an array of security analytics tools and technologies to collect, process, analyze, and act upon growing volumes of security telemetry. Despite this investment, however, many organizations continue to find it difficult to manage cyber risk or detect and respond to cyber incidents.

How can CISOs address these issues and develop effective security analytics and operations processes? In order to get more insight into these trends, ESG surveyed 406 IT and cybersecurity professionals at organizations in North America (US and Canada) involved with the planning, implementation, and/or operations of their organization’s information security policies, processes (including purchase decisions), or technical safeguards and familiar with their organization’s collection and/or analysis of security data in support of information security management strategy

Topics: Cybersecurity Data Platforms, Analytics, & AI Cloud Services & Orchestration

ESG Master Survey Results: Cloud-scale Security Analytics Survey

Abstract:

ESG’s Master Survey Results provide the complete output of syndicated research surveys in graphical format. In addition to the data, these documents provide background information on the survey, including respondent profiles at an individual and organizational level. It is important to note that these documents do not contain analysis of the data.

This Master Survey Results presentation focuses on the current strategies used for security analytics and operations, including the impact of public cloud resources for processing and storing large and fast growing volumes of security data.

Topics: Cybersecurity Data Platforms, Analytics, & AI Cloud Services & Orchestration

ESG Brief: Toward Cybersecurity Technology Platforms

Abstract:

Enterprise organizations anchor their cybersecurity requirements with an army of disconnected point tools today, but this strategy no longer offers the scale, efficacy, or efficiency needed for preventing, detecting, and responding to cyber-attacks. To address this mismatch, ESG research indicates that many organizations are already consolidating the number of vendors and tools they use for security today, replacing point tools with integrated security technology architectures. This portends a new era of security products—cybersecurity technology “platforms.” This raises questions such as: What is a security platform? What are the most important attributes of a cybersecurity technology platform?

ESG research reveals the answers to these questions, providing a roadmap for security professionals and technology vendors.

Topics: Cybersecurity

ESG Brief: Cybersecurity Landscape: The Evolution of Enterprise-class Vendors

Abstract:

Security strategies based upon disconnected point tools are ineffective and inefficient. As a result, many organizations are consolidating security technologies and winnowing down their list of vendors while building a security architecture based upon tightly coupled security controls and services. This transition has several ramifications. On the demand side, it is altering security technology procurement behavior where organizations are spending more money with fewer vendors. Of course, this is having a boomerang effect on the supply side as security vendors integrate their products and services with the hopes of offering enterprise-class cybersecurity “platforms” covering threat prevention, detection, and response capabilities across endpoints, networks, servers, and cloud-resident workloads. This brief examines these trends through the eyes of 232 IT and cybersecurity professionals. The data reveals existing cybersecurity technology strategies and the challenges they present. It proceeds to investigate how organizations plan to address these challenges through technology integration, vendor consolidation, and a move toward cybersecurity “platforms.”

Topics: Cybersecurity

ESG Brief: Ransomware: A Priority for 2018

Abstract:

While not a new type of cyberattack, ransomware’s prominence rose dramatically in 2016 and 2017, as a result of a number of high profile attacks that impacted operations at many organizations. Research conducted by ESG reveals that a majority of organizations experienced ransomware attacks in 2017, representing a concern for both business and IT leadership teams moving forward.

Topics: Cybersecurity

ESG/ISSA Research Report: The Life and Times of Cybersecurity Professionals

Abstract:

In order to assess the experiences, careers, and opinions of cybersecurity professionals, ESG/ISSA surveyed 343 cybersecurity professionals representing organizations of all sizes, across all industries and geographic locations. Survey respondents were also ISSA members.

Survey participants represented a wide range of industries including health care, IT, financial services, manufacturing, business services, communications and media, and government.

Topics: Cybersecurity ISSA

ESG Research Report: Cybersecurity Analytics and Operations in Transition

ABSTRACT

Given an increasing focus on security analytics and operations, ESG initiated a primary research project in early 2017 to assess the state of the market. In pursuit of this goal, ESG surveyed 412 IT and information security professionals representing large mid-market (500 to 999 employees) and enterprise-class (1,000 employees or more) organizations in North America and Western Europe. Respondents surveyed for this project had intimate knowledge and direct involvement in their organizations’ security analytics and operations people, processes, and technologies.

Download the complimentary abstract.
Topics: Cybersecurity SOAPA

ESG Research Report: The Shifting Cybersecurity Landscape

Abstract:

The cybersecurity industry is populated with a plethora of vendors offering discrete solutions representing a fragmented market, historically absent of dominant leaders. The influx of venture capital funding, and, more recently, the participation of private equity firms, have contributed to a growing number of players vying for buyer mindshare and budget. However, notable M&A activity, including Symantec’s acquisition of BlueCoat, and the TPG Capital-led spinout of Intel Security, coupled with anecdotal customer feedback about point tool fatigue, indicate the cybersecurity market is at a tipping point, one that could lead to centers of power, vendor-centric ecosystems, and the emergence of a small group of enterprise-class cybersecurity vendors. These dynamics were the impetus for ESG to conduct research on both the rise of enterprise-class cybersecurity vendors and the requirements of enterprise-ready cybersecurity platforms.

Topics: Cybersecurity

ESG Brief: 2017 Cybersecurity Spending Trends

Abstract:

IT spending for cybersecurity products and services continues to accelerate in 2017 as business and IT executives grapple with the dangerous threat landscape, compounded by the increasing use of cloud services that expand the attack surface area. Nevertheless, the fact that cybersecurity is once again a top business priority clearly indicates that organizations intend to spend to protect themselves from risk and compromise.

Topics: Cybersecurity IT Spending Intentions

ESG/ISSA Research Report: Through the Eyes of Cyber Security Professionals: Annual Research Report (Part II)

Abstract:

Today’s cyber security professionals reside on the frontline of a perpetual battle, tasked with applying limited resources to outthink would be cyber-attackers and defend their organizations against everything from embarrassing website defacement through unseemly ransomware extortion to devastating data breaches. Alarmingly, cyber security professionals often accept this challenge knowing they are undermanned for the fight. According to ESG research, 46% of organizations claim to have a problematic shortage of cyber security skills.

Topics: Cybersecurity