Jon Oltsik is an ESG senior principal analyst and the founder of the firm’s cybersecurity service. With almost 30 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies.
Cybersecurity professionals are overworked and stressed out while their skills are languishing—a very troubling situation.
Working relationships between cybersecurity, business and IT groups are strained and fraught with challenges.
Research shows cybersecurity professionals value competitive compensation, a strong cybersecurity culture and business management commitment to cybersecurity.
Beyond the Certified Information Systems Security Professional (CISSP), other certifications are more specialized, esoteric and of marginal value.
A new report points to severe skills deficiencies, a lack of career planning, and inadequate training, representing existential cybersecurity risk.
The Splunk user conference (.Conf2016) highlights a balance between powerful new features and ease-of-use benefits.
Enterprise organizations are forced to ignore security alerts, live with excess risk, and deal with data breaches reactively when they happen.
Financial churn combined with new requirements are transforming the SIEM market for enterprise organizations.
Enterprise organizations must elevate identity management beyond IT operations and make it an essential component of business processes and security.
Good opportunities but challenges ahead for both companies
NSX security is gaining traction in the VMware installed based but the story remains confusing to cybersecurity professionals. VMware needs to bolster its NSX security go-to-market initiatives to scale to the next level
Cloud computing, network scale and incident response demand a better model for network security operations.
Four steps to turn threat intelligence data into measurable actions and results
With a long to-do list and perpetual skills shortage, CISOs are managing cybersecurity requirements, allocating resources and outsourcing.
Threats, vulnerabilities and security complexity represent serious challenges for cybersecurity professionals.
The Black Hat conference heads to Vegas next week, with a big interest in anti-ransomware, endpoint security, security analytics, cloud and IoT security.
New threats, risk management and IoT may make transform cybersecurity from being a set of horizontal technologies into a vertical business application.
Crypto, Steven Levy’s classic about privacy technology pioneers, is recommended reading for all cybersecurity professionals and should be inducted into the Cybersecurity Canon.
Cisco describes its cybersecurity progress and makes several announcements.
Four steps enterprises must take before they can integrate threat intelligence into their overall cybersecurity strategies
FireEye focused on engineering innovation, threat intelligence utilization and security as a service rather than Wall Street capriciousness.
The Software Assurance Marketplace is well-intended, but it suffers from a lack of relevant features, internal mismanagement and few actual users.
Blue Coat has a great management team and plenty of opportunity, but this deal comes with question marks.
Enterprise organizations demand that EDR products offer scalability, strong data management, flexible analytics and open integration.
Dangerous threats and new requirements are persuading organizations to collect, process and analyze more and more network telemetry and threat intelligence.
SDP depends on well-thought-out policies, strong authentication, and diligent data collection and analysis
Enterprise organizations are willingly moving sensitive data, mission-critical applications and network-based business processes to the public cloud.
CISOs need to overhaul their entire Identity and Access Management (IAM) infrastructure to include multi-factor authentication, consolidated identity repositories, and on-premise and cloud-based IAM technologies.
Enterprises use, but often abandon, traditional security controls to protect cloud-based applications and workloads.
The new endpoint security market will remain forked between advanced prevention and endpoint detection and response (EDR) products.
Specialized cybersecurity skills around cloud computing represent the biggest gap.
The next president must fund cybersecurity education, encourage private sector investment and take the lead on improving multi-lateral international cooperation.
These network appliances automatically block known threats, mitigate risk and streamline security operations.
Challenges from 2014 remain. Symantec must emphasize services, acquire promising startups, establish a partner ecosystem, and streamline products and operations
A global cybersecurity skills shortage is creating a rapid spike in salaries, exacerbating an already critical issue.
Many organizations continue to use and benefit from antivirus software, while others have yet to use all of its capabilities.
Google’s software-defined perimeter (SDP) architecture can act as a model that enterprise organizations can emulate and enhance over time.
Leading organizations are investing in new controls for sensitive data protection
ESG research data demonstrates that improving cybersecurity is a business – not just an IT – priority. What does this mean for enterprise organizations?
Advanced prevention will dominate and change the endpoint security market
CISOs must plan for expansive cloud growth AND a lack of cybersecurity professionals with cloud computing skills
A few last thoughts I had while fighting through the crowds at the Moscone Center
Security conference demonstrated the good, bad, and ugly about the cybersecurity industry
Industry must do more to decrease the attack surface, increase the productivity of cybersecurity professionals, and enhance overall protection without getting in the way of users
Skills shortage, security automation, cloud security, data security, endpoint security and security analytics top my list of priorities
With commercial and open source encryption tools readily available, criminals can easily bypass backdoors and vendor workarounds
President’s plan is commendable but lacks details, doesn’t go far enough, and needs to break free of the federal bureaucracy status quo
Industrialists' ideas about manufacturing operations serve as a good analogue for enterprise CISOs looking to improve IR efficiency.
CISOs are scrambling to find the right security policies, processes, controls, and monitoring to keep up with enterprise deployments of a multitude of cloud technologies.
FireEye remains aggressive, Norse implodes, and cybersecurity Symantec top the week’s events