RSA Conference 2024 | Jon Oltsik | Enterprise Strategy Group

Clips
News
More from RSA Conference 2024

Jon Oltsik

Principal Analyst in Residence

theCUBE Research

Analyzing trends in cybersecurity: Funding, market consolidation and the role of AI

A new crop of cybersecurity threats are emerging as the world moves back to pre-pandemic activity levels.Exploiting the artificial intelligence wave, these new threats are forcing a rethink of the collective approach to securing digital assets at the enterprise scale.“The threats are pervasive; they’re more specialized, and that’s only going to continue, and the regulators have caught up to that,” said Jon Oltsik (pictured), analyst emeritus at Enterprise Strategy Group. “There’s a lot of buzz around technology and generative AI

play_circle_outline Interest in AI LLM security solutions and zero trust solutions

play_circle_outline Securing generative AI relies on strong hygiene and posture

play_circle_outline The Imperative of Data Standardization and Adoption of Generative AI for Cybersecurity Consolidation

play_circle_outline The Shift Left: Market's Transition Towards Vertical Strategies and Enhanced Security and Testing Innovations

Info

Jon Oltsik | Enterprise Strategy Group

Jon Oltsik

Principal Analyst in Residence theCUBE Research

search

>> Hi, everybody. Welcome back to Moscone West. This theCube's coverage, continuous live coverage of RSAC 2024. Check out siliconangle.com, Rob Hof and the editorial team at siliconangle.com. They've been pounding out all the news. They've got a special cybersecurity RSA feature section. Check out thecuberesearch.of course, thecube.net where we broadcast all of our live and on-demand videos. Jon Oltsik is here. He's the analyst emeritus at the Enterprise Strategy Group, ESG owned by TechTarget. Jon, thanks for spending some time with us. It's great to see you.

Jon Oltsik

>> It's good to see you too, Dave. I'm happy to be here.

>> Yeah, I love the button you were telling me, was it 19 years?

Jon Oltsik

>> 19 the last 21. I missed one because of COVID, and I missed another because I had emergency eye surgery, so that was a priority.

>> That's like, what's that loyalty plus that's called, or...

Jon Oltsik

>> That's called loyalty plus, yeah.

>> That should be loyalty, like platinum-

Jon Oltsik

>> Loyalty plus, plus, plus.

>> It's pretty awesome. So you got the history of the show. It feels like we're back to pre-COVID levels and then some.

Jon Oltsik

>> Yes.

>> The energy level because of GenAI and just the MA activity, the funding climate, the economy, all the energy around that seems to be pretty high. What's your take on RSA relative to pre-COVID years?

Jon Oltsik

>> I think you nailed it. I think there's more buzz, there's more money. The money's starting to come back. The interest rates are still pretty high, but the money's starting to come back. What you didn't mention, though, is the threats. The threats are pervasive, they're more specialized, and that's only going to continue, and the regulators have caught up to that. So yes, there's a lot of buzz around technology and generative AI. But if I'm a cyber security professional, I'm here because I'm under threat, and I'm looking for new types of solutions, new types of architectures to deal with that.

>> We looked at our survey data. We did a survey with our partners, ETR. It was a flash survey, so it wasn't a huge end, it was like 321, 50of the people in the survey, though, were attending RSA, so that was good. We got a good sample there. When we asked them, What you most interested in?The top two were AI LLM security solutions and zero trust solutions. So help us squint through the noise to get to the signal. So how should we be thinking about, let's start with the hot topic, AI LLMs. What's real? What's BS? What should practitioners be thinking about in terms of applying AI to improve their posture?

Jon Oltsik

>> Well, so first, there's the securing AI, and I participate in this panel with a number of CISOs. We all tend to agree that 80of securing generative AI across your organization is just strong hygiene and posture. So do I know what data is involved? Do I know who's accessing this? Do I know the developers? Do I know their entitlements? This is all part and parcel of just protecting your environment, and it's really a fundamental of cybersecurity. So I foresee people getting their act together and just security hygiene for the next couple of years with an adjunct specifically around generative AI. Now, as far as being a practitioner, what the ESG data is is that 75of organizations are experimenting with generative AI for cybersecurity. But the key word there is experimenting. Now, it'll come in the back door on the backs of a lot of solutions, but it's use case-based and it's individual's needs. The thought that it's going to solve a lot of problems and span all your cybersecurity needs, we're a few years away from

>> Jon, posture management's been not really a new thing, although some new

>> have come up. But what role does the technology community play? Is it a consultative role to help you improve your posture? Are there products and solutions, both? How should we think about that?

Jon Oltsik

>> Well, here's the problem. Your attack surface is growing and changing all the time. I think it was a Palo Alto statistic that 20of your attack surface changes on a monthly basis, and according to them, again, 50of the exploits are related to that now. That's happening at a much faster pace than we're keeping up. The other thing is we've got vulnerability management over here. We've got application security over here. We've got your CMDB and your IT operations roles over here. If I'm the CISO, I have to have a view of all of those things, and we haven't gotten there yet. I don't think we'll ever get there because things are changing so quickly. So you do need technology and AI will play a role, but you need those strong processes. You need communications, you need reporting. Just basic stuff that people get wrong all the time.

>> We love having analysts on because you're independent. You've obviously got a long history in the marketplace. One of the narratives that we've been hearing for the last couple of years is around consolidation. You certainly hear Palo, Alto talk about it. CrowdStrike talks about it. Many others too. Those two stand out because they're some of the larger companies, even Microsoft getting into more territories. I'm not sure they're consolidating, but they're certainly selling a lot of tooling. If I had to ask you, and it's interesting, 'cause we ask this question and we get different answers from practitioners and vendors, which of the following best describes what's happening in the market over the next 12 months with respect to consolidating the number of vendors installed, security vendors, the number is increasing over the next 12 months, it's decreasing or staying the same? What would you say?

Jon Oltsik

>> I would say it's increasing and decreasing. That's a wishy-washy answer, but let me explain. So if I'm the CISO, part of my job is to rationalize my technology stack-

>> Okay....

Jon Oltsik

>> and I should be doing that every year. Do we need all these tools? Do I need three different EDR vendors if I'm a large enterprise or can I consolidate? We saw that with firewalls a few years ago. At the same time, there's specialized needs in cloud security, in identity management, in data security, and I should be reviewing those kinds of things too. Now, I probably don't make that decision as a CISO. I hand that down or I delegate that down to the specialists, but that's happening too. So I do believe in consolidation, but the notion that you're going to have one platform I think is crazy. I think what you'll more likely have is a federated model, lots of different siloed analytics and data structure, and you need some type of analytics layer over the top. So if you know the company Palantir-

>> Sure....

Jon Oltsik

>> I see a Palantir-like overlord over all of the data for link analysis in time. But at the same time, you'll have multiple platforms. So that's what I mean by increasing and decreasing.

>> Interesting you bring up Palantir because I think when you look at data platforms and how they're evolving, the Palantir model is kind of interesting. Like you said, a platform that can oversee or transcend single stovepipes, we see the data platform world moving in that direction. It sounds like security has the potential to move that way as well.

Jon Oltsik

>> Your instincts are absolutely right. That has to happen. So I'm a big fan of the open cybersecurity framework. I've been talking about this for years, Dave, that we need standardization on the data level, and it will happen over time, but it's not going to happen broadly. OCSF will go through multiple iterations. So you'll have some vendor who supports 1.0, not 2.and so you need some kind of aggregation layer. So the Cribls of the world, the data fabrics of the world absolutely play a role here. Then a Palantir is going to sit on top of those with analytics, and it's really an analytics and a data aggregation platform because the data sources are just increasing, again, not exponentially, but you need to look at data that you never thought you'd look at five, 10 years ago as a security professional.

>> Zero trust, buzzword or mandate?

Jon Oltsik

>> Mandate.

>> Explain.

Jon Oltsik

>> We have to get to a point where we can have micro-segmentation on the network where we have trusted relationships between users and applications, we have really strict entitlements, MFA everywhere or passwordless everywhere. But the Department of Defense standard or framework with 158 different characteristics of zero trust, it's going to take years to get there. So right now, zero trust is a use case-based initiative and with a more aspirational view of an enterprise initiative, but it's happening. But my friend John, who invented Zero Trust 25 years ago or so, he's still talking zero trust. So that tells you this is something that's going to take time to-

>> Hard to operationalize-

Jon Oltsik

>> Yes....

>> right? But by use case, you actually can have some success.

Jon Oltsik

>> And the use cases will be driven by the business. It's not a security initiative, it's a business; with a security context, of course, but the business has to mandate it.

>> When you talk to customers in your journeys, so it sounds like you wouldn't say there's no customer that has zero trust everywhere, but you're saying there is some success within specific examples of use cases.

Jon Oltsik

>> Yes.

>> Then is it like painting the Golden Gate Bridge? By the time you finish, you got to go back and those original use cases are now legacy and need to be updated, or can you add on, is it a journey that you can evolve to get to largely a zero trust network architecture?

Jon Oltsik

>> Yeah, I think it's a journey, and I think you do have to iterate, you do have to review where you're at because the people that you give access to will change, the applications will change, the entitlements will change. So nothing is static anymore. Everything's changing very quickly, and so you have to have that build, implement, review kind of cycle.

>> Ma pretty interesting topic in cyber security, it always is. There's rumors about Wiz acquiring Lacework. There's so much action in the market. I know if you saw Island, we just had Island on earlier. They raised 175 million at a 3 billion valuation. Corelite raised 150 million, on and on and on and on, every week it seems like you see some new startup gets either mentioned or gets acquired. Private equity is very heavily involved in this. It's like Capital's got a big party Wednesday night. They've done a lot of investing from data protection all the way through. What you make of the MA market? It doesn't look like it's going to slow down anytime soon.

Jon Oltsik

>> Well, the IPO market's pretty stale right now, so that is your exit. I think what we'll see, well, we'll always see the platform vendors filling in holes. We've seen that for years. Whether it's Palo Alto or Fortinet or Cisco, they're going to fill holes. I think there'll also be a lot of buyer sales coming up soon because of companies that got their funding a few years ago who are now running out of capital. But I do see a healthy market now. I see the big guys getting bigger, and so they're going to acquire. It's been pretty much consistent throughout my career, and I don't see an end in site.

>> Well, Lacework looks like a little potential fire sale, right? The number thrown around is 200 million. Those guys raised more than a billion dollars.

Jon Oltsik

>> Well, what does that tell you?

>> Yeah, right. I don't know what's going to happen to the cash, that's the question. Does the cash go back to investors, or-

Jon Oltsik

>> Yeah, it goes to preferred shareholders. You

Jon Oltsik

>> Yeah.

>> First in first out.

Jon Oltsik

>> That's it. That's it.not necessarily.

Jon Oltsik

>> But there's potential. There is a roll up. There's the agent in agentless angle. Wiz is a big company, and it has to fill some holes, and maybe that's a good financial deal for them. Or they could just be doing due diligence and seeing what Lacework has, and maybe they have a side project to assess, build or buy.

>> Israel has been a hotbed of innovation in cyber for decades. How has the war affected that? Has it had a negative effect on innovation out of Israel specifically, of course? But how does that affect the cyber security industry?

Jon Oltsik

>> It hasn't seemed to have a big effect. I feel for my Israeli friends and colleagues, they're living and they've learned to live through this hostile environment. Of course, it's worse now, but it doesn't seem to have a real acute feel now. We'll see what happens 'cause anything could happen in terms of escalation there. I hope it doesn't, but it doesn't seem to have at least a substantial impact right now.

>> Give us the last word, 19 out of 21 years, you've seen it all. Where's this industry headed? It seems like attackers continue to have at least the first mover advantage.

Jon Oltsik

>> Yes.

>> That's not going to change, I presume. Maybe it will with AGI, I don't know, but it seems like that's a perpetual dynamic. What should we be looking for? What are the handful of factors, and maybe not milestones, but indicators that we should be watching as observers in this industry?

Jon Oltsik

>> A few things come to mind. So the first is just the scale of the problem, and I mentioned this before. With all the cloud development with generative AI coming into place with the IoT and OT types of solutions out there that are on the IP networks, this has become a really monumental task. CISOs I talked to talk about that, so that's one thing. Another thing is I do see the market moving toward more vertical strategies. So if I'm the CISO of a healthcare organization, I've got different regulations. I've got different equipment. I've got different constituencies than someone in manufacturing or financial services. Of course, we all need email security and endpoint security, but the application of that against the threats changes. Another thing I see is this whole shift left, and I don't mean in application security, I mean in security in general, the military calls it left of boom. We've got to get a better understanding of what the adversaries are doing and then build what MITRE calls a threat-informed defense. That's hard to do, and so I see a lot of innovation in threat intelligence, in the application of threat intelligence, in building controls based on, again, what the adversaries are doing. Then as a follow-up to that, testing, so making sure that when we do red teaming that our controls can actually perform to where we think they are. I can keep going.

>> Well, I want to follow up on something you said-

Jon Oltsik

>> Okay....

>> which is the OT piece of it-critical infrastructure.

Jon Oltsik

>> Yes.

>> I obviously don't have your depth of knowledge or history, but I've been around a long time. I feel as though as a society, we don't understand, that we don't appreciate the level of risk that we face with respect to critical infrastructure.

Jon Oltsik

>> Yes.

>> This is a national and global security issue that I think is underrepresented in the media and in the daily conversations. What can you add to that statement?

Jon Oltsik

>> I think you're accurate, and I would encourage people who have that attitude to look at what's happening in the Ukraine. They're facing cyber and kinetic attacks on their critical infrastructure, which is the scenario. It'll be cyber first and then kinetic in an active shooting war like that. But we know that adversaries are really attacking or putting in time bombs into our critical infrastructure. We know that in water supply. We know that in electrical grids. I'm sure that it's in the telecom infrastructure, the healthcare infrastructure. No, this is a huge issue, and it seems like everyone is arming the battlefield for the escalation that may take place, and it's very, very scary. The federal government gets this. The critical infrastructures themselves sometimes fight this because they don't want the expense, they don't want the publicity there. But yeah, you're absolutely right, this is a real concern for society as a whole.

>> All right, so hopefully we can help shine a light on that, Jon. I wish we could keep going. We're out of time. Really appreciate you bringing your knowledge to theCUBE, such a deep expert in this space. You've done a great service to the community. Congratulations on your retirement, even though you still-you still got your foot in the door here, and we're glad to have you. Thank you so much for Dave. It was great to talk to you.

>> Yeah, pleasure. All right, keep it right there. We'll be up with our next guest. We're live from RSAC 2024. We're here in Moscone West at Broadcast Alley. Stop by and see us. We'll be right back right for this short break.

Jon Oltsik | Enterprise Strategy Group

search

>> Hi, everybody. Welcome back to Moscone West. This theCube's coverage, continuous live coverage of RSAC 2024. Check out siliconangle.com, Rob Hof and the editorial team at siliconangle.com. They've been pounding out all the news. They've got a special cybersecurity RSA feature section. Check out thecuberesearch.of course, thecube.net where we broadcast all of our live and on-demand videos. Jon Oltsik is here. He's the analyst emeritus at the Enterprise Strategy Group, ESG owned by TechTarget. Jon, thanks for spending some time with us. It's great to see you.

Jon Oltsik

>> It's good to see you too, Dave. I'm happy to be here.

>> Yeah, I love the button you were telling me, was it 19 years?

Jon Oltsik

>> 19 the last 21. I missed one because of COVID, and I missed another because I had emergency eye surgery, so that was a priority.

>> That's like, what's that loyalty plus that's called, or...

Jon Oltsik

>> That's called loyalty plus, yeah.

>> That should be loyalty, like platinum-

Jon Oltsik

>> Loyalty plus, plus, plus.

>> It's pretty awesome. So you got the history of the show. It feels like we're back to pre-COVID levels and then some.

Jon Oltsik

>> Yes.

>> The energy level because of GenAI and just the MA activity, the funding climate, the economy, all the energy around that seems to be pretty high. What's your take on RSA relative to pre-COVID years?

Jon Oltsik

>> I think you nailed it. I think there's more buzz, there's more money. The money's starting to come back. The interest rates are still pretty high, but the money's starting to come back. What you didn't mention, though, is the threats. The threats are pervasive, they're more specialized, and that's only going to continue, and the regulators have caught up to that. So yes, there's a lot of buzz around technology and generative AI. But if I'm a cyber security professional, I'm here because I'm under threat, and I'm looking for new types of solutions, new types of architectures to deal with that.

>> We looked at our survey data. We did a survey with our partners, ETR. It was a flash survey, so it wasn't a huge end, it was like 321, 50of the people in the survey, though, were attending RSA, so that was good. We got a good sample there. When we asked them, What you most interested in?The top two were AI LLM security solutions and zero trust solutions. So help us squint through the noise to get to the signal. So how should we be thinking about, let's start with the hot topic, AI LLMs. What's real? What's BS? What should practitioners be thinking about in terms of applying AI to improve their posture?

Jon Oltsik

>> Well, so first, there's the securing AI, and I participate in this panel with a number of CISOs. We all tend to agree that 80of securing generative AI across your organization is just strong hygiene and posture. So do I know what data is involved? Do I know who's accessing this? Do I know the developers? Do I know their entitlements? This is all part and parcel of just protecting your environment, and it's really a fundamental of cybersecurity. So I foresee people getting their act together and just security hygiene for the next couple of years with an adjunct specifically around generative AI. Now, as far as being a practitioner, what the ESG data is is that 75of organizations are experimenting with generative AI for cybersecurity. But the key word there is experimenting. Now, it'll come in the back door on the backs of a lot of solutions, but it's use case-based and it's individual's needs. The thought that it's going to solve a lot of problems and span all your cybersecurity needs, we're a few years away from

>> Jon, posture management's been not really a new thing, although some new

>> have come up. But what role does the technology community play? Is it a consultative role to help you improve your posture? Are there products and solutions, both? How should we think about that?

Jon Oltsik

>> Well, here's the problem. Your attack surface is growing and changing all the time. I think it was a Palo Alto statistic that 20of your attack surface changes on a monthly basis, and according to them, again, 50of the exploits are related to that now. That's happening at a much faster pace than we're keeping up. The other thing is we've got vulnerability management over here. We've got application security over here. We've got your CMDB and your IT operations roles over here. If I'm the CISO, I have to have a view of all of those things, and we haven't gotten there yet. I don't think we'll ever get there because things are changing so quickly. So you do need technology and AI will play a role, but you need those strong processes. You need communications, you need reporting. Just basic stuff that people get wrong all the time.

>> We love having analysts on because you're independent. You've obviously got a long history in the marketplace. One of the narratives that we've been hearing for the last couple of years is around consolidation. You certainly hear Palo, Alto talk about it. CrowdStrike talks about it. Many others too. Those two stand out because they're some of the larger companies, even Microsoft getting into more territories. I'm not sure they're consolidating, but they're certainly selling a lot of tooling. If I had to ask you, and it's interesting, 'cause we ask this question and we get different answers from practitioners and vendors, which of the following best describes what's happening in the market over the next 12 months with respect to consolidating the number of vendors installed, security vendors, the number is increasing over the next 12 months, it's decreasing or staying the same? What would you say?

Jon Oltsik

>> I would say it's increasing and decreasing. That's a wishy-washy answer, but let me explain. So if I'm the CISO, part of my job is to rationalize my technology stack-

>> Okay....

Jon Oltsik

>> and I should be doing that every year. Do we need all these tools? Do I need three different EDR vendors if I'm a large enterprise or can I consolidate? We saw that with firewalls a few years ago. At the same time, there's specialized needs in cloud security, in identity management, in data security, and I should be reviewing those kinds of things too. Now, I probably don't make that decision as a CISO. I hand that down or I delegate that down to the specialists, but that's happening too. So I do believe in consolidation, but the notion that you're going to have one platform I think is crazy. I think what you'll more likely have is a federated model, lots of different siloed analytics and data structure, and you need some type of analytics layer over the top. So if you know the company Palantir-

>> Sure....

Jon Oltsik

>> I see a Palantir-like overlord over all of the data for link analysis in time. But at the same time, you'll have multiple platforms. So that's what I mean by increasing and decreasing.

>> Interesting you bring up Palantir because I think when you look at data platforms and how they're evolving, the Palantir model is kind of interesting. Like you said, a platform that can oversee or transcend single stovepipes, we see the data platform world moving in that direction. It sounds like security has the potential to move that way as well.

Jon Oltsik

>> Your instincts are absolutely right. That has to happen. So I'm a big fan of the open cybersecurity framework. I've been talking about this for years, Dave, that we need standardization on the data level, and it will happen over time, but it's not going to happen broadly. OCSF will go through multiple iterations. So you'll have some vendor who supports 1.0, not 2.and so you need some kind of aggregation layer. So the Cribls of the world, the data fabrics of the world absolutely play a role here. Then a Palantir is going to sit on top of those with analytics, and it's really an analytics and a data aggregation platform because the data sources are just increasing, again, not exponentially, but you need to look at data that you never thought you'd look at five, 10 years ago as a security professional.

>> Zero trust, buzzword or mandate?

Jon Oltsik

>> Mandate.

>> Explain.

Jon Oltsik

>> We have to get to a point where we can have micro-segmentation on the network where we have trusted relationships between users and applications, we have really strict entitlements, MFA everywhere or passwordless everywhere. But the Department of Defense standard or framework with 158 different characteristics of zero trust, it's going to take years to get there. So right now, zero trust is a use case-based initiative and with a more aspirational view of an enterprise initiative, but it's happening. But my friend John, who invented Zero Trust 25 years ago or so, he's still talking zero trust. So that tells you this is something that's going to take time to-

>> Hard to operationalize-

Jon Oltsik

>> Yes....

>> right? But by use case, you actually can have some success.

Jon Oltsik

>> And the use cases will be driven by the business. It's not a security initiative, it's a business; with a security context, of course, but the business has to mandate it.

>> When you talk to customers in your journeys, so it sounds like you wouldn't say there's no customer that has zero trust everywhere, but you're saying there is some success within specific examples of use cases.

Jon Oltsik

>> Yes.

>> Then is it like painting the Golden Gate Bridge? By the time you finish, you got to go back and those original use cases are now legacy and need to be updated, or can you add on, is it a journey that you can evolve to get to largely a zero trust network architecture?

Jon Oltsik

>> Yeah, I think it's a journey, and I think you do have to iterate, you do have to review where you're at because the people that you give access to will change, the applications will change, the entitlements will change. So nothing is static anymore. Everything's changing very quickly, and so you have to have that build, implement, review kind of cycle.

>> Ma pretty interesting topic in cyber security, it always is. There's rumors about Wiz acquiring Lacework. There's so much action in the market. I know if you saw Island, we just had Island on earlier. They raised 175 million at a 3 billion valuation. Corelite raised 150 million, on and on and on and on, every week it seems like you see some new startup gets either mentioned or gets acquired. Private equity is very heavily involved in this. It's like Capital's got a big party Wednesday night. They've done a lot of investing from data protection all the way through. What you make of the MA market? It doesn't look like it's going to slow down anytime soon.

Jon Oltsik

>> Well, the IPO market's pretty stale right now, so that is your exit. I think what we'll see, well, we'll always see the platform vendors filling in holes. We've seen that for years. Whether it's Palo Alto or Fortinet or Cisco, they're going to fill holes. I think there'll also be a lot of buyer sales coming up soon because of companies that got their funding a few years ago who are now running out of capital. But I do see a healthy market now. I see the big guys getting bigger, and so they're going to acquire. It's been pretty much consistent throughout my career, and I don't see an end in site.

>> Well, Lacework looks like a little potential fire sale, right? The number thrown around is 200 million. Those guys raised more than a billion dollars.

Jon Oltsik

>> Well, what does that tell you?

>> Yeah, right. I don't know what's going to happen to the cash, that's the question. Does the cash go back to investors, or-

Jon Oltsik

>> Yeah, it goes to preferred shareholders. You

Jon Oltsik

>> Yeah.

>> First in first out.

Jon Oltsik

>> That's it. That's it.not necessarily.

Jon Oltsik

>> But there's potential. There is a roll up. There's the agent in agentless angle. Wiz is a big company, and it has to fill some holes, and maybe that's a good financial deal for them. Or they could just be doing due diligence and seeing what Lacework has, and maybe they have a side project to assess, build or buy.

>> Israel has been a hotbed of innovation in cyber for decades. How has the war affected that? Has it had a negative effect on innovation out of Israel specifically, of course? But how does that affect the cyber security industry?

Jon Oltsik

>> It hasn't seemed to have a big effect. I feel for my Israeli friends and colleagues, they're living and they've learned to live through this hostile environment. Of course, it's worse now, but it doesn't seem to have a real acute feel now. We'll see what happens 'cause anything could happen in terms of escalation there. I hope it doesn't, but it doesn't seem to have at least a substantial impact right now.

>> Give us the last word, 19 out of 21 years, you've seen it all. Where's this industry headed? It seems like attackers continue to have at least the first mover advantage.

Jon Oltsik

>> Yes.

>> That's not going to change, I presume. Maybe it will with AGI, I don't know, but it seems like that's a perpetual dynamic. What should we be looking for? What are the handful of factors, and maybe not milestones, but indicators that we should be watching as observers in this industry?

Jon Oltsik

>> A few things come to mind. So the first is just the scale of the problem, and I mentioned this before. With all the cloud development with generative AI coming into place with the IoT and OT types of solutions out there that are on the IP networks, this has become a really monumental task. CISOs I talked to talk about that, so that's one thing. Another thing is I do see the market moving toward more vertical strategies. So if I'm the CISO of a healthcare organization, I've got different regulations. I've got different equipment. I've got different constituencies than someone in manufacturing or financial services. Of course, we all need email security and endpoint security, but the application of that against the threats changes. Another thing I see is this whole shift left, and I don't mean in application security, I mean in security in general, the military calls it left of boom. We've got to get a better understanding of what the adversaries are doing and then build what MITRE calls a threat-informed defense. That's hard to do, and so I see a lot of innovation in threat intelligence, in the application of threat intelligence, in building controls based on, again, what the adversaries are doing. Then as a follow-up to that, testing, so making sure that when we do red teaming that our controls can actually perform to where we think they are. I can keep going.

>> Well, I want to follow up on something you said-

Jon Oltsik

>> Okay....

>> which is the OT piece of it-critical infrastructure.

Jon Oltsik

>> Yes.

>> I obviously don't have your depth of knowledge or history, but I've been around a long time. I feel as though as a society, we don't understand, that we don't appreciate the level of risk that we face with respect to critical infrastructure.

Jon Oltsik

>> Yes.

>> This is a national and global security issue that I think is underrepresented in the media and in the daily conversations. What can you add to that statement?

Jon Oltsik

>> I think you're accurate, and I would encourage people who have that attitude to look at what's happening in the Ukraine. They're facing cyber and kinetic attacks on their critical infrastructure, which is the scenario. It'll be cyber first and then kinetic in an active shooting war like that. But we know that adversaries are really attacking or putting in time bombs into our critical infrastructure. We know that in water supply. We know that in electrical grids. I'm sure that it's in the telecom infrastructure, the healthcare infrastructure. No, this is a huge issue, and it seems like everyone is arming the battlefield for the escalation that may take place, and it's very, very scary. The federal government gets this. The critical infrastructures themselves sometimes fight this because they don't want the expense, they don't want the publicity there. But yeah, you're absolutely right, this is a real concern for society as a whole.

>> All right, so hopefully we can help shine a light on that, Jon. I wish we could keep going. We're out of time. Really appreciate you bringing your knowledge to theCUBE, such a deep expert in this space. You've done a great service to the community. Congratulations on your retirement, even though you still-you still got your foot in the door here, and we're glad to have you. Thank you so much for Dave. It was great to talk to you.

>> Yeah, pleasure. All right, keep it right there. We'll be up with our next guest. We're live from RSAC 2024. We're here in Moscone West at Broadcast Alley. Stop by and see us. We'll be right back right for this short break.