Author Archives: Jon Oltsik
Author Archives: Jon Oltsik
The global cybersecurity skills shortage continues to be a critical issue. For example, ESG research found 45% of organizations report a “problematic shortage” of cybersecurity skills today, more than any other area within IT.Want more? Here are a few tidbits from last year’s research project done in conjunction with the Information Systems Security Association (ISSA). In a survey of 437 cybersecurity professionals and ISSA members: 29% of cybersecurity professionals said the global cybersecurity skills shortage has had a significant impact on their organization. Another 40% said the global cybersecurity skills shortage has impacted their organization “somewhat.” When asked to identify the impact of the cybersecurity skills shortage: 54% said it increased the cybersecurity staff’s workload 35% said their organization had to hire and train junior staff rather than hire people with the appropriate level of experience necessary 35% said the cybersecurity skills shortage has created a situation whereby the infosec team hasn’t had time to learn or use its security technologies to their full potential While the cybersecurity skills shortage endures, the industry itself remains white hot. According to a recent Bloomberg business article, the cybersecurity industry is expected to grow about 7% a year through 2019 to Continue reading
Each year, respondents ESG's annual global survey of IT and cybersecurity professionals are asked to identify the area where their organizations have a problematic shortage of skills. For the sixth year in a row, cybersecurity skills topped the list—this year, 45% of the 641 respondents said their organization has a problematic shortage of cybersecurity skills. Now, the cybersecurity skill shortage isn’t picky; it impacts all organizations across industries, organizational size, geography, etc. Nevertheless, global cybersecurity may be especially problematic for organizations in the mid-market, from 100 to 999 employees.Keep in mind that the skills shortage isn’t limited to headcount. Rather, it also includes skills deficiencies—situations where security staff members don’t have the right skills to address the dynamic and sophisticated threat landscape. To read this article in full or to leave a comment, please click here
Each year, respondents ESG's annual global survey of IT and cybersecurity professionals are asked to identify the area where their organizations have a problematic shortage of skills. For the sixth year in a row, cybersecurity skills topped the list—this year, 45% of the 641 respondents said their organization has a problematic shortage of cybersecurity skills. Now, the cybersecurity skill shortage isn’t picky; it impacts all organizations across industries, organizational size, geography, etc. Nevertheless, global cybersecurity may be especially problematic for organizations in the mid-market, from 100 to 999 employees.Keep in mind that the skills shortage isn’t limited to headcount. Rather, it also includes skills deficiencies—situations where security staff members don’t have the right skills to address the dynamic and sophisticated threat landscape. To read this article in full or to leave a comment, please click here
I’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research (note: I am an ESG employee). The year 2017 continues to follow a pattern – cybersecurity is a high business and IT priority for most organizations. Based upon a global survey of 641 IT and cybersecurity professionals, the ESG research reveals: While just over half (53%) of organizations plan on increasing IT spending overall this year, 69% say they are increasing spending on cybersecurity. As far as cybersecurity spending goes, 48% will make their most significant cybersecurity technology investments in cloud security 39% will in network security, 30% in endpoint security, and 29% in security analytics. Respondents were asked which business outcomes were their highest priorities for this year. The top three results were as follows: 43% said “reducing costs,” 40% said “increasing productivity, and 39% “improving information security.” When asked which business initiatives will drive the most IT spending, 39% said, “increasing cybersecurity,” the top selection of all. When asked to identify the most important IT initiatives for this year, the number one answer was, “strengthening cybersecurity controls and processes.” For the 6th year Continue reading
I’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research. The year 2017 continues to follow a pattern: Cybersecurity is a high business and IT priority for most organizations. Based upon a global survey of 641 IT and cybersecurity professionals, the ESG research reveals: While just over half (53%) of organizations plan on increasing IT spending overall this year, 69% said they are increasing spending on cybersecurity. As far as cybersecurity spending goes, 48% will make their most significant cybersecurity technology investments in cloud security, 39% will in network security, 30% in endpoint security, and 29% in security analytics. Respondents were asked which business outcomes were their highest priorities for this year. The top three results were as follows: 43% said “reducing costs,” 40% said “increasing productivity," and 39% said “improving information security.” When asked which business initiatives will drive the most IT spending, 39% said “increasing cybersecurity,” the top selection of all. When asked to identify the most important IT initiatives for this year, the number one answer was “strengthening cybersecurity controls and processes.” For the sixth year in a row, survey respondents said cybersecurity is the area where Continue reading
I’ve been remiss by not blogging earlier this year about ESG’s annual IT spending intentions research. The year 2017 continues to follow a pattern: Cybersecurity is a high business and IT priority for most organizations. Based upon a global survey of 641 IT and cybersecurity professionals, the ESG research reveals: While just over half (53%) of organizations plan on increasing IT spending overall this year, 69% said they are increasing spending on cybersecurity. As far as cybersecurity spending goes, 48% will make their most significant cybersecurity technology investments in cloud security, 39% will in network security, 30% in endpoint security, and 29% in security analytics. Respondents were asked which business outcomes were their highest priorities for this year. The top three results were as follows: 43% said “reducing costs,” 40% said “increasing productivity," and 39% said “improving information security.” When asked which business initiatives will drive the most IT spending, 39% said “increasing cybersecurity,” the top selection of all. When asked to identify the most important IT initiatives for this year, the number one answer was “strengthening cybersecurity controls and processes.” For the sixth year in a row, survey respondents said cybersecurity is the area where Continue reading
Security operations is changing, driven by a wave of diverse data types, analytics tools, and new operational requirements. These changes are initiating an evolution from monolithic security technologies to a more comprehensive event-driven software architecture (along the lines of SOA 2.0) where disparate security technologies connect via enterprise-class middleware for things like data exchange, message queueing, and risk-driven trigger conditions. ESG refers to this as a Security Operations and Analytics platform architecture or SOAPA. When speaking, or writing about SOAPA, I often compare this evolution to an analogous IT trend in the 1990s. Way back then, large organizations abandoned stand-alone departmental applications in favor or a more integrated software architecture, ERP. This transition resulted in a new generation of business applications acting as a foundation for greater automation, efficiency, and profitability.To read this article in full or to leave a comment, please click here
Security operations is changing, driven by a wave of diverse data types, analytics tools, and new operational requirements. These changes are initiating an evolution from monolithic security technologies to a more comprehensive event-driven software architecture (along the lines of SOA 2.0) where disparate security technologies connect via enterprise-class middleware for things like data exchange, message queueing, and risk-driven trigger conditions. ESG refers to this as a Security Operations and Analytics platform architecture or SOAPA. When speaking, or writing about SOAPA, I often compare this evolution to an analogous IT trend in the 1990s. Way back then, large organizations abandoned stand-alone departmental applications in favor or a more integrated software architecture, ERP. This transition resulted in a new generation of business applications acting as a foundation for greater automation, efficiency, and profitability.To read this article in full or to leave a comment, please click here
Security operations is changing, driven by a wave of diverse data types, analytics tools and new operational requirements. These changes are initiating an evolution from monolithic security technologies to a more comprehensive event-driven software architecture (along the lines of SOA 2.0) where disparate security technologies connect via enterprise-class middleware for things like data exchange, message queueing and risk-driven trigger conditions. ESG refers to this as a Security Operations and Analytics platform architecture or SOAPA. When speaking or writing about SOAPA, I often compare this evolution to an analogous IT trend in the 1990s. Way back then, large organizations abandoned stand-alone departmental applications in favor or a more integrated software architecture, ERP. This transition resulted in a new generation of business applications acting as a foundation for greater automation, efficiency and profitability.To read this article in full or to leave a comment, please click here
Security operations is changing, driven by a wave of diverse data types, analytics tools and new operational requirements. These changes are initiating an evolution from monolithic security technologies to a more comprehensive event-driven software architecture (along the lines of SOA 2.0) where disparate security technologies connect via enterprise-class middleware for things like data exchange, message queueing and risk-driven trigger conditions. ESG refers to this as a Security Operations and Analytics platform architecture or SOAPA. When speaking or writing about SOAPA, I often compare this evolution to an analogous IT trend in the 1990s. Way back then, large organizations abandoned stand-alone departmental applications in favor or a more integrated software architecture, ERP. This transition resulted in a new generation of business applications acting as a foundation for greater automation, efficiency and profitability.To read this article in full or to leave a comment, please click here
These days, it’s tough for any organization to keep up with cybersecurity operations. Why? Well the bad guys are pretty persistent for starters, launching a blitzkrieg of attacks and new types of exploits all the time. Okay, hackers are relentless but we’ve always know this and their behavior isn’t likely to change anytime soon. What’s really disturbing however is that a lot of problems associated with cybersecurity are based upon our own intransigence. And organizations aren’t struggling with one issue, rather cybersecurity operations challenges tend to be spread across people, processes and technology. When it comes to security operations, it’s kind of a ‘death by a thousand cuts’ situation. To read this article in full or to leave a comment, please click here
These days, it’s tough for any organization to keep up with cybersecurity operations. Why? Well, the bad guys are pretty persistent for starters, launching a blitzkrieg of attacks and new types of exploits all the time. OK, hackers are relentless, but we’ve always know this, and their behavior isn’t likely to change anytime soon. What’s really disturbing, however, is that a lot of problems associated with cybersecurity are based upon our own intransigence. And organizations aren’t struggling with one issue, rather cybersecurity operations challenges tend to be spread across people, processes and technology. When it comes to security operations, it’s kind of a "death by a thousand cuts" situation. To read this article in full or to leave a comment, please click here
These days, it’s tough for any organization to keep up with cybersecurity operations. Why? Well, the bad guys are pretty persistent for starters, launching a blitzkrieg of attacks and new types of exploits all the time. OK, hackers are relentless, but we’ve always know this, and their behavior isn’t likely to change anytime soon. What’s really disturbing, however, is that a lot of problems associated with cybersecurity are based upon our own intransigence. And organizations aren’t struggling with one issue, rather cybersecurity operations challenges tend to be spread across people, processes and technology. When it comes to security operations, it’s kind of a "death by a thousand cuts" situation. To read this article in full or to leave a comment, please click here
I’ve worked with McAfee for a long time—from its independent days, during the Network Associates timeframe, through financial issues, back to McAfee and the go-go Dave DeWalt era, and finally as Intel Security. To be honest, Intel’s acquisition of McAfee was always a head-scratcher for me. The 20-somethings on Wall Street crowed about Intel cramming McAfee security in its chip set, but this made no sense to me—Intel had long added security (and other) functionality into its processors with lukewarm market reception. The two cultures were a mismatch, as well. Ultimately, it seems Intel came to a similar conclusion and recently spun out McAfee in a private equity stew. To read this article in full or to leave a comment, please click here
I’ve worked with McAfee for a long time—from its independent days, during the Network Associates timeframe, through financial issues, back to McAfee and the go-go Dave DeWalt era, and finally as Intel Security. To be honest, Intel’s acquisition of McAfee was always a head-scratcher for me. The 20-somethings on Wall Street crowed about Intel cramming McAfee security in its chip set, but this made no sense to me—Intel had long added security (and other) functionality into its processors with lukewarm market reception. The two cultures were a mismatch, as well. Ultimately, it seems Intel came to a similar conclusion and recently spun out McAfee in a private equity stew. To read this article in full or to leave a comment, please click here
Micro-segmentation is nothing new, we starting talking about the concept a few years ago, with the onset of software-defined networking technologies like OpenFlow. More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.Micro-segmentation is simply a new software-based spin on the old practice of network segmentation which organizations have done for years with a variety of technologies – firewalls, VLANs, subnets, switch-based access control lists (ACLs) etc. In fact, many organizations use a potpourri of some or even all of these technologies. According to ESG research (note: I am an ESG employee)To read this article in full or to leave a comment, please click here
Micro-segmentation is nothing new, we starting talking about the concept a few years ago, with the onset of software-defined networking technologies like OpenFlow. More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.Micro-segmentation is simply a new software-based spin on the old practice of network segmentation which organizations have done for years with a variety of technologies – firewalls, VLANs, subnets, switch-based access control lists (ACLs) etc. In fact, many organizations use a potpourri of some or even all of these technologies. According to ESG research (note: I am an ESG employee):To read this article in full or to leave a comment, please click here
Micro-segmentation is nothing new. We starting talking about the concept a few years ago with the onset of software-defined networking (SDN) technologies such as OpenFlow. More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.Micro-segmentation is simply a new software-based spin on the old practice of network segmentation that organizations have done for years with a variety of technologies—firewalls, VLANs, subnets, switch-based access control lists (ACLs), etc. In fact, many organizations use a potpourri of some or even all of these technologies. According to ESG research:To read this article in full or to leave a comment, please click here
Micro-segmentation is nothing new. We starting talking about the concept a few years ago with the onset of software-defined networking (SDN) technologies such as OpenFlow. More recently, micro-segmentation was most often associated with establishing trusted connections between cloud-based workloads.Micro-segmentation is simply a new software-based spin on the old practice of network segmentation that organizations have done for years with a variety of technologies—firewalls, VLANs, subnets, switch-based access control lists (ACLs), etc. In fact, many organizations use a potpourri of some or even all of these technologies. According to ESG research:To read this article in full or to leave a comment, please click here
I learned this past Saturday that my good friend and Trend Micro CTO, Raimund Genes, passed away suddenly last week. Raimund was only 54.If you were lucky enough to cross paths with Raimund, you probably share my profound sorrow at his passing. For those who never had the pleasure of a meeting, allow me to provide a few thoughts about him: I first met Raimund at an industry event where he was supposed to go through a PowerPoint presentation with me. Upon shaking my hand, he said something like, “let’s skip the formalities of a canned presentation, go to the bar, get a drink, and just talk.” We did have a drink at the bar that day, but what I remember most was an hour of insightful and entertaining banter. He was both informal and informative simultaneously and we immediately connected. One of the things that I love about my job is that I get to speak to some of the smartest cybersecurity people – professionals, researchers, technology vendors, legislators, etc. – on a regular basis. Out of this exceptional population however, some people stand out. I call these folks my “beacons” Continue reading