Jon Oltsik

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Jon was named one of the top 100 cybersecurity influencers for 2015 by Onalytica, and he is active as a committee member of the Cybersecurity Canon, a project dedicated to identifying a list of must-read books for all cybersecurity practitioners. Often quoted in the business and technical press, Jon also publishes articles on The Cipher Brief, a digital, security-based conversation platform that connects the private sector with the world’s leading security experts, and is also engaged in cybersecurity issues, legislation, and technology discussions within the U.S. government.


Cloud security will (and should) dominate the RSA Conference

Cloud security will (and should) dominate the RSA Conference

Cloud computing is a runaway IT train, but cloud security is still messy and immature. RSA should become the place to go for cloud security vision, training, best practices, and technology leadership.

Software-defined perimeter: Important initiative, ineffective name

Software-defined perimeter: Important initiative, ineffective name

A geeky and confusing name doesn’t communicate business, privacy, and security benefits. Instead of software-defined perimeter, I suggest ubiquitous security access services (USAS).

Machine learning: Security product or feature?

Machine learning: Security product or feature?

Apart from game-changing security technologies, market movement indicates that machine learning is a product feature.

RSA Conference: CISOs' top 4 cybersecurity priorities

RSA Conference: CISOs' top 4 cybersecurity priorities

When cybersecurity executives head to the RSA Conference, they will be looking for information about threat intelligence, SOAPA, business risk, and changing security perimeters.

Is it time to unify endpoint management and security?

Is it time to unify endpoint management and security?

Modern unified management makes sense, and the industry is reacting by providing solutions. The question is whether enterprise organizations will use them.

GDPR: Look out for 'right to be forgotten storms' ahead

GDPR: Look out for 'right to be forgotten storms' ahead

Thousands of EU citizens may ask data controllers to erase their records by the end of May. Will organizations be ready for this coming GDPR storm?

3 areas in which CISOs are becoming more proactive

3 areas in which CISOs are becoming more proactive

Security executives are taking a hands-on approach in areas such as threat intelligence, privacy, and business initiatives.

Endpoint security suites must detect/prevent threats AND ease operations

Endpoint security suites must detect/prevent threats AND ease operations

Organizations want better threat prevention/detection, but only if new endpoint security tools can help automate and simplify operations, too.

Thinking about identity management for the RSA Security Conference

Thinking about identity management for the RSA Security Conference

Password elimination, software-defined perimeter, and the need for security to “own” identity should be highlighted at the RSA Conference.

Why Splunk acquired Phantom

Why Splunk acquired Phantom

With the purchase of Phantom, SIEM leader Splunk wants to capitalize on market momentum and add to its security operations and analytics platform architecture (SOAPA).

GDPR is coming, and many organizations aren’t ready

GDPR is coming, and many organizations aren’t ready

Many firms still need to deploy security controls and implement solid incident response plans to meet the GDPR deadline in May

Load More