Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.
New use cases, MITRE Shield support, and greater awareness will drive market growth and penetration.
Cybersecurity awareness month has never gained traction beyond academia and the public sector. It’s time for all parties to commit or quit.
Highlights from the fourth annual “Life and Times of Cybersecurity Professionals” report
New research from ESG and ISSA illustrates a lack of advancement in bridging the cybersecurity skill shortage gap.
Organizations must prepare for collecting, processing, analyzing, and acting upon terabytes of security data.
XDR is a promising concept, but XDR vendors face deployment challenges and competition on several fronts.
CISOs must anticipate burgeoning needs for distributed security scale, intelligence, and self-service.
An initiative more than a technology, XDR seeks to simplify and unify security technologies to make the whole greater than the sum of its parts.
COVID-19 has opened the cyberattack floodgates; defenders need strong cyber threat intelligence (CTI) analysis, operationalization and sharing. Here's how to get more from your CTI program.
Phase 1 was all about employee access, network communications confidentiality/integrity, and basic endpoint security. The next phases will move quickly from risk assessment to mitigation.
The scramble to enable remote workers changes security strategies, priorities, and workflows for 2020.
New dashboards and visualization tools could improve personnel training and SOC productivity while streamlining security operations.
Attendance down, costs up, and lots of tech talk
Spending is up, but perhaps not in the most needed areas; increased business leader involvement brings new challenges, while vertical industries have different requirements and priorities.
The long-time cybersecurity analyst is gone but not forgotten.
Unable to hire their way out of cybersecurity staffing problems, CISOs are turning to process automation, advanced analytics, and third-party services, among other methods.
New ESG research finds organizations are aggressively replacing on-premises security analytics and operations technologies with cloud-based alternatives. The shift comes with both short-term wins and strategic benefits.
Look for more integration, an increasing focus on risk management, and greater use of the public cloud.
Why it's time to change how security analysts visualize, manipulate, interact with, and act upon security telemetry.
The pace of technology and market changes will pick up in 2020, impacting security technologies, innovation, investment, and the industry at large.
Based on recent research, improving cybersecurity awareness among business executives, CIOs, and, yes, infosec professionals should be a goal for any organization.
New continuous automated penetration and attack testing (CAPAT) tools will help CISOs better see where they are vulnerable and prioritize remediation actions.
SOAPA and SOAR are vastly different. Security orchestration, automation, and response (SOAR) tools represent a component of a security operations and analytics platform architecture (SOAPA).
VMware's recent acquisition of Carbon Black gives the company a strong security foundation to build on.
Cybersecurity teams are fighting fires and still rely on manual processes. Meanwhile, the attack surface continues to grow. Process improvements are needed.
At this year's Black Hat, it was evident that several cybersecurity issues remain a concern, but the industry is making progress.
As Black Hat 2019 begins, the cybersecurity topics top of mind include network security platforms, threat detection/response services, new cloud security strategies, and clarification around security analytics.
More security data drives the need for data modeling, data management, and data discipline
With organizations increasingly needing help detecting and responding to threats, expect managed security services to be one of the main themes at Black Hat 2019.
Organizations want advanced analytics, threat intelligence integration, and IoT support among other things in network traffic analysis (NTA) tools.
To bridge the cyber-risk management gap, organizations plan to get CISOs more involved with the business, focus on data security, hire staff, and provide more security awareness training.
Form factors and use cases are changing, so network security must be more comprehensive, intelligent, and responsive than ever before.
AWS re:Inforce sets the bar for cloud security and the industry. Now Amazon needs to reinforce this leadership in an era of dynamic software development and hybrid cloud computing.
Limited training and unclear roles/responsibilities for cybersecurity teams restrict the effectiveness of data privacy programs.
Cisco's security team highlighted market results, integrated portfolio, and future plans, but there is still some work ahead.
Keeping up with IT, educating users, and working with the business top the list of the most stressful things about being a cybersecurity professional.
In the battle against hackers, cyber-adversaries have an advantage over cyber-defenders, new research from ESG and ISSA finds.
New research indicates that things are not improving for filling the demand for cybersecurity skills. The ramifications are widespread.
North Dakota is addressing the cybersecurity skills shortage with policies and programs for government, education, and business.
Organizations use too many disparate point tools to detect and respond to cyber threats in a timely manner. As a result, CISOs want tight integration and interoperability across five cybersecurity technologies.
Threat detection/response is a high priority, but many organizations don’t have the staff or skills to perform these tasks alone. This translates into a growing managed detection and response (MDR) market.
Organizations seeking tightly integrated endpoint security solutions must determine how far they want to go.
Organizations must truly understand their vulnerabilities at all times to make the right risk mitigation decisions. Continuous automated security validation can provide that.
OpenC2, a standards effort from OASIS, has the potential to accelerate and automate risk mitigation and incident response. Users and vendors should jump on board.
Prioritizing fixes, workflows, and timely patching are just some of the challenges organizations face, but advanced data analytics may help with vulnerability management.
As point tools come together as platforms and solutions, cybersecurity professionals need to think outside the box about procurement, implementation, and operations.
Organizations struggle with continuous monitoring, tracking the threat landscape, identifying sensitive data flows, and communication between cybersecurity and business executives.
The buzz at RSA 2019 included talk about cybersecurity and business leaders coming together, managed services, cloud security, network security and more.
The RSA Conference will feature cloud-scale security analytics, endpoint security suites, API security, advanced security services, and a traffic jam of people.
CISOs must manage cybersecurity based upon their organization’s mission, goals, and business processes, not the technology underpinnings.