

Jon Oltsik
Jon Oltsik is a distinguished analyst, fellow, and the founder of ESG’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.


Cybersecurity is a constant fire drill—that’s not just bad, it’s dangerous
Security efforts based on heroism and tribal knowledge can’t scale. CISOs must address this situation as soon as possible.

5 things security pros want from XDR platforms
New research shows that while extended detection and response (XDR) remains a nebulous topic, security pros know what they want from an XDR platform.

Bye-bye best-of-breed?
ESG research finds that organizations are increasingly integrating security technologies and purchasing multi-product security platforms, changing the industry in the process.

SOC modernization: 8 key considerations
Organizations need SOC transformation for security efficacy and operational efficiency. Technology vendors should come to this year’s RSA Conference with clear messages and plans, not industry hyperbole.

5 ways to improve security hygiene and posture management
Security professionals suggest continuous controls validation, process automation, and integrating security and IT technologies.

Operationalizing a “think like the enemy” strategy
MITRE ATT&CK and new security technology innovation make this possible.

Security asset management should be buttoned down. It isn’t.
Organizations struggle to understand what assets they have and whether they are at risk. This opens the door for exploitation.

Look for attack surface management to go mainstream in 2022
Many organizations struggle to discover, classify, and manage Internet-facing assets, leaving them vulnerable to attack. In 2022, they will finally do something to address this.

Security hygiene and posture management: A 2022 priority
Disjointed tools and manual processes provide an incomplete and unacceptable picture of cyber-risk.

Will XDR modernize the SOC?
Organizations are both adopting XDR technology and modernizing the SOC. New ESG research points to areas of potential overlap and even conflict between those two initiatives.

5 observations about XDR
The technology is evolving, so security professionals and pundits must be open-minded and closely track market developments.

7 key data points on the cybersecurity skills shortage
The global cybersecurity skills shortage is as bad as it has ever been, and most organizations are feeling the pinch, new research finds. But cybersecurity professionals have many recommendations for addressing this situation.

4 things you should know about cybersecurity pros
ESG/ISSA research report reveals that a strong cybersecurity culture really matters.

Move over XDR, it's time for security observability, prioritization, and validation (SOPV)
Independent tools and data repositories are coming together for better threat management, impacting organizations, security professionals, and the industry. We need to take the same approach to security hygiene and posture management....

5 things CISOs want to hear about SASE at the RSA Conference
Organizations are planning for secure access service edge (SASE) but have questions on how to get from their current state to converged, cloud-delivered networking and security. They’ll be looking for answers at RSA.

5 things CISOs want to hear about zero trust at the RSA Conference
Security executives are interested in how ZT vendors will integrate with existing technologies, supplement ongoing projects, and support business processes.

8 things CISOs want to hear from XDR vendors
Beyond industry rhetoric, vendors must use their time at the RSA Conference to provide clarity around what XDR is, where it fits, and how it complements existing security technologies.

4 steps to better security hygiene and posture management
Increasing scale and complexity have made keeping up with security hygiene and posture management cumbersome and error prone, leaving organizations exposed. Here's what leading CISOs are doing to close the gap.

Why XDR must include MDR
Technology alone isn't enough; organizations need help with security operations.