Jon Oltsik

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Jon was named one of the top 100 cybersecurity influencers for 2015 by Onalytica, and he is active as a committee member of the Cybersecurity Canon, a project dedicated to identifying a list of must-read books for all cybersecurity practitioners. Often quoted in the business and technical press, Jon also publishes articles on The Cipher Brief, a digital, security-based conversation platform that connects the private sector with the world’s leading security experts, and is also engaged in cybersecurity issues, legislation, and technology discussions within the U.S. government.

Is the cybersecurity skills shortage getting worse?

Is the cybersecurity skills shortage getting worse?

New research indicates that things are not improving for filling the demand for cybersecurity skills. The ramifications are widespread.

North Dakota: An innovative and leading cybersecurity state

North Dakota: An innovative and leading cybersecurity state

North Dakota is addressing the cybersecurity skills shortage with policies and programs for government, education, and business.

5 threat detection and response technologies are coming together

5 threat detection and response technologies are coming together

Organizations use too many disparate point tools to detect and respond to cyber threats in a timely manner. As a result, CISOs want tight integration and interoperability across five cybersecurity technologies.

The growing demand for managed detection and response (MDR)

The growing demand for managed detection and response (MDR)

Threat detection/response is a high priority, but many organizations don’t have the staff or skills to perform these tasks alone. This translates into a growing managed detection and response (MDR) market.

Endpoint security is consolidating, but what does that mean?

Endpoint security is consolidating, but what does that mean?

Organizations seeking tightly-integrated endpoint security solutions must determine how far they want to go.

The case for continuous automated security validation

The case for continuous automated security validation

Organizations must truly understand their vulnerabilities at all times to make the right risk mitigation decisions. Continuous automated security validation can provide that.

OpenC2 can accelerate security operations, automation, and orchestration

OpenC2 can accelerate security operations, automation, and orchestration

OpenC2, a standards effort from OASIS, has the potential to accelerate and automate risk mitigation and incident response. Users and vendors should jump onboard.

Vulnerability management woes continue, but there is hope

Vulnerability management woes continue, but there is hope

Prioritizing fixes, workflows, and timely patching are just some of the challenges organizations face, but advanced data analytics may help with vulnerability management.

The cybersecurity technology consolidation conundrum

The cybersecurity technology consolidation conundrum

As point tools come together as platforms and solutions, cybersecurity professionals need to think outside the box about procurement, implementation, and operations.

Cyber risk management challenges are impacting the business

Cyber risk management challenges are impacting the business

Organizations struggle with continuous monitoring, tracking the threat landscape, identifying sensitive data flows, and communication between cybersecurity and business executives.

The buzz at RSA 2019: Cloud security, network security, managed services and more

The buzz at RSA 2019: Cloud security, network security, managed services and more

The buzz at RSA 2019 included talk about cybersecurity and business leaders coming together, managed services, cloud security, network security and more.

What to expect at the RSA Conference 2019

What to expect at the RSA Conference 2019

The RSA Conference will feature cloud-scale security analytics, endpoint security suites, API security, advanced security services, and a traffic jam of people.

Enterprises need to embrace top-down cybersecurity management

Enterprises need to embrace top-down cybersecurity management

CISOs must manage cybersecurity based upon their organization’s mission, goals, and business processes, not the technology underpinnings.

IBM sets forth with a strong cybersecurity message

IBM sets forth with a strong cybersecurity message

IBM has a strong cybersecurity message, but there's a gap between IBM security and its corporate vision. If IBM can bridge this gap, it can carve out a unique market position.

Cyber risk management: There's a disconnect between business and security teams

Cyber risk management: There's a disconnect between business and security teams

Business managers want real-time cyber risk management metrics, but cybersecurity teams can only deliver technical data and periodic reports. That gap needs to close.

The problems plaguing security point tools

The problems plaguing security point tools

Security point tools generate too many alerts, create a strain on operational resources, and make security operations complex and time consuming, new ESG research shows.

The cybersecurity skills shortage is getting worse

The cybersecurity skills shortage is getting worse

More than half of organizations report a “problematic shortage” of cybersecurity skills, and there is no end in sight.

2019 will be the year of cloud-based cybersecurity analytics/operations

2019 will be the year of cloud-based cybersecurity analytics/operations

Demand- and supply-side changes will move security information and event management (SIEM) from on premises to the public cloud.

Security operations activities to watch in 2019

Security operations activities to watch in 2019

Open-source software and industry initiatives, such as MITRE ATT&CK framework and Apache Kafka, will contribute to security operations in 2019.

Cyber risk management continues to grow more difficult

Cyber risk management continues to grow more difficult

Primary reasons why cyber risk management is more difficult include increasing workloads, sophisticated threats, and more demanding business executives.

Load More