Jon Oltsik
Author Archives: Jon Oltsik
- Home → Author's archive:
Jon Oltsik
0
Which Job-Related Factors Alienate Cybersecurity Pros?
When it comes to cybersecurity jobs, it is truly a seller’s market. According to ESG research published early this year, 46% of organizations report a problematic shortage of cybersecurity skills (note: I am an ESG employee). Additionally, a more recent research report from ESG and the Information Systems Security Association (ISSA) indicates that 46% of cybersecurity professionals are solicited by recruiters to consider another job at least once each week!The data indicates that there aren’t enough cybersecurity professionals around and those that are employed are in high demand. This puts a lot of pressure on CISOs and human resources people to make sure to keep their existing cybersecurity staff happy so they don’t walk out the door when they are barraged by headhunters’ calls. To read this article in full or to leave a comment, please click here
0
Which Job-Related Factors Alienate Cybersecurity Pros?
When it comes to cybersecurity jobs, it is truly a seller’s market. According to ESG research published early this year, 46% of organizations report a problematic shortage of cybersecurity skills (note: I am an ESG employee). Additionally, a more recent research report from ESG and the Information Systems Security Association (ISSA) indicates that 46% of cybersecurity professionals are solicited by recruiters to consider another job at least once each week!The data indicates that there aren’t enough cybersecurity professionals around and those that are employed are in high demand. This puts a lot of pressure on CISOs and human resources people to make sure to keep their existing cybersecurity staff happy so they don’t walk out the door when they are barraged by headhunters’ calls. To read this article in full or to leave a comment, please click here
0
Which job-related factors alienate cybersecurity pros?
When it comes to cybersecurity jobs, it is truly a seller’s market. According to ESG research published early this year, 46% of organizations report a problematic shortage of cybersecurity skills (note: I am an ESG employee). Additionally, a more recent research report from ESG and the Information Systems Security Association (ISSA) indicates that 46% of cybersecurity professionals are solicited by recruiters to consider another job at least once each week! The data indicates that there aren’t enough cybersecurity professionals around and those that are employed are in high demand. This puts a lot of pressure on CISOs and human resources people to make sure to keep their existing cybersecurity staff happy so they don’t walk out the door when they are barraged by headhunters’ calls. To read this article in full or to leave a comment, please click here
0
Trump remains frighteningly behind in cybersecurity
As we move into 2017, cybersecurity concerns continue to escalate. This past few months, we’ve seen some scary incidents, such as the Oct. 21 distributed denial of service (DDoS) attack on the DNS services at Dyn that used IoT devices like home routers and cameras as a botnet. Oh, and the last few months of the U.S. presidential election featured data breaches of the DNC and Clinton campaign manager John Podesta’s email and the subsequent posting of this information on WikiLeaks.It's pretty alarming, and it doesn’t appear things will get better anytime soon. This begs the question: What type of cybersecurity response can we expect from President Donald Trump’s administration? To read this article in full or to leave a comment, please click here
0
Trump remains frighteningly behind in cybersecurity
As we move into 2017, cybersecurity concerns continue to escalate. This past few months, we’ve seen some scary incidents, such as the Oct. 21 distributed denial of service (DDoS) attack on the DNS services at Dyn that used IoT devices like home routers and cameras as a botnet. Oh, and the last few months of the U.S. presidential election featured data breaches of the DNC and Clinton campaign manager John Podesta’s email and the subsequent posting of this information on WikiLeaks.It's pretty alarming, and it doesn’t appear things will get better anytime soon. This begs the question: What type of cybersecurity response can we expect from President Donald Trump’s administration? To read this article in full or to leave a comment, please click here
0
Goodbye NAC, Hello Software-defined Perimeter (SDP)
Those of us who’ve been around security technology for a while will remember the prodigious rise of network access control (NAC) around 2006. Now the ideas around NAC had been around for several years beforehand, but 2006 gave us Cisco’s network admission control (aka Cisco NAC), Microsoft’s network access protection (NAP), and then a whole bunch of venture-backed NAC startups (ConSentry, Lockdown Networks, Mirage Networks, etc.).There were lots of reasons why the industry was gaga over NAC at the time, but it really came down to two major factors:1. Broad adoption of WLANs. In 2006, wireless networking based upon 802.11 was transforming from a novelty to the preferred technology for network access. I also believe that laptop sales first overtook desktop computer sales around this same timeframe so mobility was becoming an IT staple as well. Many organizations wanted a combination of NAC and 802.1X so they could implement access policies and monitor who was accessing the network.To read this article in full or to leave a comment, please click here
0
Goodbye NAC, Hello Software-defined Perimeter (SDP)
Those of us who’ve been around security technology for a while will remember the prodigious rise of network access control (NAC) around 2006. Now the ideas around NAC had been around for several years beforehand, but 2006 gave us Cisco’s network admission control (aka Cisco NAC), Microsoft’s network access protection (NAP), and then a whole bunch of venture-backed NAC startups (ConSentry, Lockdown Networks, Mirage Networks, etc.).There were lots of reasons why the industry was gaga over NAC at the time, but it really came down to two major factors:1. Broad adoption of WLANs. In 2006, wireless networking based upon 802.11 was transforming from a novelty to the preferred technology for network access. I also believe that laptop sales first overtook desktop computer sales around this same timeframe so mobility was becoming an IT staple as well. Many organizations wanted a combination of NAC and 802.1X so they could implement access policies and monitor who was accessing the network.To read this article in full or to leave a comment, please click here
0
Goodbye, NAC. Hello, software-defined perimeter
Those of us who’ve been around security technology for a while will remember the prodigious rise of network access control (NAC) around 2006. Now, the ideas around NAC had been around for several years beforehand, but 2006 gave us Cisco’s network admission control (aka Cisco NAC), Microsoft’s network access protection (NAP) and then a whole bunch of venture-backed NAC startups (ConSentry, Lockdown Networks, Mirage Networks, etc.).There were lots of reasons why the industry was gaga over NAC at the time, but it really came down to two major factors: Broad adoption of WLANs. In 2006, wireless networking based upon 802.11 was transforming from a novelty to the preferred technology for network access. I also believe laptop sales first overtook desktop computer sales around this same timeframe, so mobility was becoming an IT staple as well. Many organizations wanted a combination of NAC and 802.1X so they could implement access policies and monitor who was accessing the network. A wave of internet worms. The early 2000s produced a steady progression of internet worms, including Code Red (2001), Nimda (2001), SQL Slammer (2003), Blaster (2003), Bagel (2004), Sasser (2004), Zotob (2005), etc. These worms could easily spread Continue reading
0
Election Data Models Lesson for Cybersecurity
If you are like me, you were pretty convinced that Secretary Clinton was poised to be the President elect. Confidence in this opinion was based on reviewing numerous big data analytics models from the fivethirtyeight.com, the New York Times, Princeton, etc. The lowest percentage gave Mrs. Clinton roughly a 65% chance of winning on November 8. So, what happened? Every database jockey recognizes the old maxim of garbage in/garbage out. In other words, killer algorithms and all the processing power in the world are rather useless if your model is built on the back of crappy data. Obviously, all the brainiacs building these models made a critical mistake in not gathering data from disenfranchised white voters in rural areas. The result? A stunning election result and lots of eggs on ivy league elitist faces.To read this article in full or to leave a comment, please click here
0
Election Data Models Lesson for Cybersecurity
If you are like me, you were pretty convinced that Secretary Clinton was poised to be the President elect. Confidence in this opinion was based on reviewing numerous big data analytics models from the fivethirtyeight.com, the New York Times, Princeton, etc. The lowest percentage gave Mrs. Clinton roughly a 65% chance of winning on November 8. So, what happened? Every database jockey recognizes the old maxim of garbage in/garbage out. In other words, killer algorithms and all the processing power in the world are rather useless if your model is built on the back of crappy data. Obviously, all the brainiacs building these models made a critical mistake in not gathering data from disenfranchised white voters in rural areas. The result? A stunning election result and lots of eggs on ivy league elitist faces.To read this article in full or to leave a comment, please click here
0
Election data models provide a lesson for cybersecurity
If you are like me, you were pretty convinced that Secretary Clinton was poised to be the President elect. Confidence in this opinion was based on reviewing numerous big data analytics models from the fivethirtyeight.com, The New York Times, Princeton, etc. The lowest percentage gave Mrs. Clinton roughly a 65 percent chance of winning on November 8. So, what happened? Every database jockey recognizes the old maxim of garbage in/garbage out. In other words, killer algorithms and all the processing power in the world are rather useless if your model is built on the back of crappy data. Obviously, all the brainiacs building these models made a critical mistake in not gathering data from disenfranchised white voters in rural areas. The result? A stunning election result and lots of eggs on Ivy League elitist faces.To read this article in full or to leave a comment, please click here
0
The scary state of the cybersecurity profession
Most discussions about cybersecurity tend to go right to technology, and these days they usually start with the words “next generation” as in next-generation firewalls, IPS, endpoint security, etc. I get it, since innovative technology is sexy, but it’s important to realize that skilled cybersecurity professionals anchor cybersecurity best practices. We depend on actual people to configure controls, sort through data minutiae to detect problems, and remediate issues in a timely manner.+ Also on Network World: Recruiting and retaining cybersecurity talent + Since these folks protect all our digital assets daily, it’s only natural that we’d be curious as to how they are doing. To measure these feelings, ESG teamed up with the Information Systems Security Association (ISSA) and conducted a survey of 437 global cybersecurity professionals. This project resulted in a recently published research report. To read this article in full or to leave a comment, please click here
0
The scary state of the cybersecurity profession
Most discussions about cybersecurity tend to go right to technology, and these days they usually start with the words “next generation” as in next-generation firewalls, IPS, endpoint security, etc. I get it, since innovative technology is sexy, but it’s important to realize that skilled cybersecurity professionals anchor cybersecurity best practices. We depend on actual people to configure controls, sort through data minutiae to detect problems, and remediate issues in a timely manner.+ Also on Network World: Recruiting and retaining cybersecurity talent + Since these folks protect all our digital assets daily, it’s only natural that we’d be curious as to how they are doing. To measure these feelings, ESG teamed up with the Information Systems Security Association (ISSA) and conducted a survey of 437 global cybersecurity professionals. This project resulted in a recently published research report. To read this article in full or to leave a comment, please click here
0
Cybersecurity: A Priority for Next POTUS
When the two major presidential candidates haven’t been focused on each other’s personal behavior or legal imbroglios, they’ve tended to discuss a few major issues such as health care, immigration reform, or battling terrorism. Yes, these are critical topics but what about cybersecurity? After all, this very campaign has featured nation state hacking, email theft, and embarrassing email disclosures from egomaniac Julian Assange and WikiLeaks. Alas, each candidate has been relatively silent about cybersecurity threats, national vulnerabilities, or what they plan to do to bridge this gap. Secretary Clinton’s policies look a lot like President Obama’s Cybersecurity National Action Plan (CNAP) but add a national security component due to her personal experience with state sponsored hacks of the DNC and John Podesta. Donald Trump seemed completely ignorant about cybersecurity issues (remember “the cyber” comments and his rant about his 10-year-old son’s computer skills?), but has since come up with some pedestrian cybersecurity policy objectives. To read this article in full or to leave a comment, please click here
0
Cybersecurity: A Priority for Next POTUS
When the two major presidential candidates haven’t been focused on each other’s personal behavior or legal imbroglios, they’ve tended to discuss a few major issues such as health care, immigration reform, or battling terrorism. Yes, these are critical topics but what about cybersecurity? After all, this very campaign has featured nation state hacking, email theft, and embarrassing email disclosures from egomaniac Julian Assange and WikiLeaks. Alas, each candidate has been relatively silent about cybersecurity threats, national vulnerabilities, or what they plan to do to bridge this gap. Secretary Clinton’s policies look a lot like President Obama’s Cybersecurity National Action Plan (CNAP) but add a national security component due to her personal experience with state sponsored hacks of the DNC and John Podesta. Donald Trump seemed completely ignorant about cybersecurity issues (remember “the cyber” comments and his rant about his 10-year-old son’s computer skills?), but has since come up with some pedestrian cybersecurity policy objectives. To read this article in full or to leave a comment, please click here
0
Trend Micro’s Enterprise Play
I spent a few days with Trend Micro last week at its Insight event here in Boston. While Trend is a $1 billion + global cybersecurity vendor, too many cybersecurity professionals still think of Trend as an Asian-based AV player. This perception is completely antiquated however, as Trend now offers: A tightly-integrated next-generation endpoint security suite. There’s a lot of industry rhetoric out there proclaiming Trend as a legacy AV vendor. Don’t believe it! Yes, Trend Micro’s endpoint security product has been around forever but the company has continuously enhanced it technology to keep up with the latest requirements. Most recently, Trend added machine learning for pre- and post-execution prevention/detection of 0-day malware which puts in on par with the next-generation endpoint security crowd. Oh, and Trend also offers its own EDR functionality as well. Armed with its new product, Trend’s layered endpoint defense should meet the security efficacy and operational efficiency requirements of even the most demanding enterprises. A strong network security defense portfolio. Now that the dust has settled from Trend’s acquisition of TippingPoint a year ago, the company also has robust products for network security. After HP let Continue reading
0
Trend Micro’s Enterprise Play
I spent a few days with Trend Micro last week at its Insight event here in Boston. While Trend is a $1 billion + global cybersecurity vendor, too many cybersecurity professionals still think of Trend as an Asian-based AV player. This perception is completely antiquated however, as Trend now offers: A tightly-integrated next-generation endpoint security suite. There’s a lot of industry rhetoric out there proclaiming Trend as a legacy AV vendor. Don’t believe it! Yes, Trend Micro’s endpoint security product has been around forever but the company has continuously enhanced it technology to keep up with the latest requirements. Most recently, Trend added machine learning for pre- and post-execution prevention/detection of 0-day malware which puts in on par with the next-generation endpoint security crowd. Oh, and Trend also offers its own EDR functionality as well. Armed with its new product, Trend’s layered endpoint defense should meet the security efficacy and operational efficiency requirements of even the most demanding enterprises. A strong network security defense portfolio. Now that the dust has settled from Trend’s acquisition of TippingPoint a year ago, the company also has robust products for network security. After HP let Continue reading
0
Cybersecurity Isn’t Always a “Boardroom Issue”
We’ve all heard or read the rhetoric that “cybersecurity has become a boardroom issue.” I certainly agree that we are trending in this direction but is this true today or nothing more than marketing hype?ESG recently published a new research report in collaboration with the Information Systems Security Association (ISSA) titled, The State of Cyber Security Professional Careers, to ask a number of questions and truly capture the voice of cybersecurity professionals. As part of this project, cybersecurity professionals were asked if their CISO’s (or similar role) participation with executive management (i.e. CEO, board of directors, etc.) was at an adequate level. Just over (56%) half answered “yes,” but 16% thought the level of CISO participation with executive management should increase somewhat while another 12% believe that the CISO’s level of participation with executive management should increase significantly. The remaining 16% responded, “don’t know” (note: I am an ESG employee). To read this article in full or to leave a comment, please click here
0
Cybersecurity Isn’t Always a “Boardroom Issue”
We’ve all heard or read the rhetoric that “cybersecurity has become a boardroom issue.” I certainly agree that we are trending in this direction but is this true today or nothing more than marketing hype?ESG recently published a new research report in collaboration with the Information Systems Security Association (ISSA) titled, The State of Cyber Security Professional Careers, to ask a number of questions and truly capture the voice of cybersecurity professionals. As part of this project, cybersecurity professionals were asked if their CISO’s (or similar role) participation with executive management (i.e. CEO, board of directors, etc.) was at an adequate level. Just over (56%) half answered “yes,” but 16% thought the level of CISO participation with executive management should increase somewhat while another 12% believe that the CISO’s level of participation with executive management should increase significantly. The remaining 16% responded, “don’t know” (note: I am an ESG employee). To read this article in full or to leave a comment, please click here
0
Cybersecurity, Business, and IT Relationships
As the old adage states: People are the weakest link in the cybersecurity chain. This is a problem because strong cybersecurity depends upon both individual skills and organizational collaboration between cybersecurity, business, and IT groups. To use another analogy, cybersecurity is a team sport. If the cybersecurity team doesn’t communicate and collaborate well with other groups within an organization, it will be difficult if not impossible to stay current with what’s needed for security incident prevention, detection, and response.Unfortunately, this is the situation too often today. According to a new research report from ESG and the Information Systems Security Association (ISSA), 20% of cybersecurity professionals claim that the relationship between cybersecurity and IT teams is “fair or poor” today, while 27% rate the relationship between cybersecurity and business team as “fair or poor” (Note: I am an ESG employee).To read this article in full or to leave a comment, please click here