Jon Oltsik

Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.

Jon was named one of the top 100 cybersecurity influencers for 2015 by Onalytica, and he is active as a committee member of the Cybersecurity Canon, a project dedicated to identifying a list of must-read books for all cybersecurity practitioners. Often quoted in the business and technical press, Jon also publishes articles on The Cipher Brief, a digital, security-based conversation platform that connects the private sector with the world’s leading security experts, and is also engaged in cybersecurity issues, legislation, and technology discussions within the U.S. government.

Cloud computing security chaos continued at RSA Conference 2018

Cloud computing security chaos continued at RSA Conference 2018

Cloud security has growing needs and lots of challenges. Here are some thoughts on solutions and strategies.

What is a cybersecurity technology platform anyway?

What is a cybersecurity technology platform anyway?

Vendors are pushing platforms, but features, functionality, and definitions vary. Here’s a list of “must have” cybersecurity platform attributes.

Quick take-aways from the RSA Security Conference

Quick take-aways from the RSA Security Conference

Last week's RSA Security Conference had good discussions and industry focus, but there was too much hype -- and there's lots of work ahead.

Cloud security will (and should) dominate the RSA Conference

Cloud security will (and should) dominate the RSA Conference

Cloud computing is a runaway IT train, but cloud security is still messy and immature. RSA should become the place to go for cloud security vision, training, best practices, and technology leadership.

Software-defined perimeter: Important initiative, ineffective name

Software-defined perimeter: Important initiative, ineffective name

A geeky and confusing name doesn’t communicate business, privacy, and security benefits. Instead of software-defined perimeter, I suggest ubiquitous security access services (USAS).

Machine learning: Security product or feature?

Machine learning: Security product or feature?

Apart from game-changing security technologies, market movement indicates that machine learning is a product feature.

RSA Conference: CISOs' top 4 cybersecurity priorities

RSA Conference: CISOs' top 4 cybersecurity priorities

When cybersecurity executives head to the RSA Conference, they will be looking for information about threat intelligence, SOAPA, business risk, and changing security perimeters.

Is it time to unify endpoint management and security?

Is it time to unify endpoint management and security?

Modern unified management makes sense, and the industry is reacting by providing solutions. The question is whether enterprise organizations will use them.

GDPR: Look out for 'right to be forgotten storms' ahead

GDPR: Look out for 'right to be forgotten storms' ahead

Thousands of EU citizens may ask data controllers to erase their records by the end of May. Will organizations be ready for this coming GDPR storm?

3 areas in which CISOs are becoming more proactive

3 areas in which CISOs are becoming more proactive

Security executives are taking a hands-on approach in areas such as threat intelligence, privacy, and business initiatives.

Endpoint security suites must detect/prevent threats AND ease operations

Endpoint security suites must detect/prevent threats AND ease operations

Organizations want better threat prevention/detection, but only if new endpoint security tools can help automate and simplify operations, too.

Thinking about identity management for the RSA Security Conference

Thinking about identity management for the RSA Security Conference

Password elimination, software-defined perimeter, and the need for security to “own” identity should be highlighted at the RSA Conference.

Why Splunk acquired Phantom

Why Splunk acquired Phantom

With the purchase of Phantom, SIEM leader Splunk wants to capitalize on market momentum and add to its security operations and analytics platform architecture (SOAPA).

GDPR is coming, and many organizations aren’t ready

GDPR is coming, and many organizations aren’t ready

Many firms still need to deploy security controls and implement solid incident response plans to meet the GDPR deadline in May

What’s on CISOs Minds in 2018?

Business risk, the cyber supply chain, attackers, data security and awareness training top the list

Endpoint security suites must have these features

Endpoint security suites must have these features

Endpoint security vendors must be a one-stop endpoint security shop -- providing such things as anti-malware, anti-exploit, EDR and hybrid deployment options -- if they want to compete.

Cybersecurity job fatigue affects many security professionals

Cybersecurity job fatigue affects many security professionals

Infosec professionals face occupational hazards such as long hours, high stress levels, and career frustration that can lead to mental health issues.

Cloud computing chaos is driving identity management changes

Cloud computing chaos is driving identity management changes

Cloud and mobility are exacerbating problems in an already-fragile IAM infrastructure. This will drive changes to single sign-on, multi-factor authentication, IAM centralization, and skills.

Enterprise plans for security automation and orchestration

Enterprise plans for security automation and orchestration

Organizations want to merge threat intelligence with internal security telemetry, add custom functionality for security operations, and automate remediation tasks.

Artificial intelligence and cybersecurity: The real deal

Artificial intelligence and cybersecurity: The real deal

AI will have a growing impact on cybersecurity technology as a helper app, not as a new product category.

Load More