Jon Oltsik

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Jon was named one of the top 100 cybersecurity influencers for 2015 by Onalytica, and he is active as a committee member of the Cybersecurity Canon, a project dedicated to identifying a list of must-read books for all cybersecurity practitioners. Often quoted in the business and technical press, Jon also publishes articles on The Cipher Brief, a digital, security-based conversation platform that connects the private sector with the world’s leading security experts, and is also engaged in cybersecurity issues, legislation, and technology discussions within the U.S. government.

Bye-bye best-of-breed?

SOC modernization: 8 key considerations

SOC modernization: 8 key considerations

Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole.

5 ways to improve security hygiene and posture management

5 ways to improve security hygiene and posture management

Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies.

Operationalizing a “think like the enemy” strategy

Operationalizing a “think like the enemy” strategy

MITRE ATT&CK and new security technology innovation make this possible.

Security asset management should be buttoned down.  It isn’t.

Security asset management should be buttoned down. It isn’t.

Organizations struggle to understand what assets they have and whether they are at risk. This opens the door for exploitation.

Look for attack surface management to go mainstream in 2022

Look for attack surface management to go mainstream in 2022

Many organizations struggle to discover, classify, and manage Internet-facing assets, leaving them vulnerable to attack. In 2022, they will finally do something to address this.

Security hygiene and posture management: A 2022 priority

Security hygiene and posture management: A 2022 priority

Disjointed tools and manual processes provide an incomplete and unacceptable picture of cyber-risk.

Will XDR modernize the SOC?

Will XDR modernize the SOC?

Organizations are both adopting XDR technology and modernizing the SOC. New ESG research points to areas of potential overlap and even conflict between those two initiatives.

5 observations about XDR

5 observations about XDR

The technology is evolving, so security professionals and pundits must be open-minded and closely track market developments.

7 key data points on the cybersecurity skills shortage

7 key data points on the cybersecurity skills shortage

The global cybersecurity skills shortage is as bad as it has ever been, and most organizations are feeling the pinch, new research finds. But cybersecurity professionals have many recommendations for addressing this situation.

4 things you should know about cybersecurity pros

4 things you should know about cybersecurity pros

ESG/ISSA research report reveals that a strong cybersecurity culture really matters.

Move over XDR, it's time for security observability, prioritization, and validation (SOPV)

Move over XDR, it's time for security observability, prioritization, and validation (SOPV)

Independent tools and data repositories are coming together for better threat management, impacting organizations, security professionals, and the industry. We need to take the same approach to security hygiene and posture management....

Load More