Director Cybersecurity Research

John Tolbert

John is the Director of Cybersecurity Research and Lead Analyst at KuppingerCole Analysts. John covers multiple cybersecurity and identity management topics, drawing upon his years of experience as a security specialist in both Fortune 500 companies and tech startups. John develops research strategies, conducts research, and advises enterprises on security architecture as well as security and identity management vendors on their product and service roadmaps. He has participated in technical standards development and was named an OASIS Distinguished Contributor in 2014. John regularly participates in KuppingerCole events and is often invited to speak at industry and security vendor events.

Roles & Responsibilities at KuppingerCole

As Director of Cybersecurity Research, John keeps up to date on threats, trends, and product developments across the industry, in order to set the agenda for cybersecurity research. As a Lead Analyst, he conducts research on established and leading-edge cybersecurity solutions.

Background & Education

As Lead Analyst, John covers a number of different research areas, outlined below. John also advises cybersecurity and IAM vendors, from startups to Fortune 500 companies, regarding their product and service roadmaps.

Areas of coverage



Professional Experience

John has specialized in security and identity management throughout his career, which spans working for companies in the manufacturing, aerospace and defense, and software industries.

Latest research

Executive View
ExeonTrace NDR
March 08, 2023
Network monitoring is a foundational element of security architecture. Sophisticated attackers may deliberately delete logs on servers and endpoints to cover up their tracks. This means that the network, including private and public clouds, may be the last place that investigators can look…
Leadership Compass
SASE Integration Suites
February 06, 2023
This report provides an overview of the market for Secure Access Service Edge (SASE) Integration Suites. In this Leadership Compass, we examine the market segment, vendor service functionality, relative market share, and innovative approaches to providing SASE Integration solutions.
Leadership Compass
CIAM Platforms
September 27, 2022
This report provides an overview of the market for Consumer Identity and Access Management solutions and provides you with a compass to help you to find the CIAM product or service that best meets your needs. We examine the market segment, vendor product and service functionality, relative…
Executive View
Malwarebytes Nebula and Incident Response
August 25, 2022
Organizations and individuals are constantly under threat by malware. Malware variants evolve and proliferate daily, making it increasingly difficult to prevent infections, compromises, and consequences such as data leakage and damage. While Endpoint Protection (EPP) solutions are primarily…
Leadership Brief
Advanced IT security solutions for OT environments
August 09, 2022
Industrial Control Systems operators are increasingly targeted by Advanced Persistent Threat (APT) actors and cybercriminals as digital transformation accelerates. Many hitherto isolated systems now connected, which introduces additional risks from enterprise IT and the cloud. Although such…
Identity & Security: Addressing the Modern Threat Landscape
July 12, 2022
Identity and Access Management (IAM) and Cybersecurity have for too long been separate disciplines with distinct solutions that have not interoperated optimally. This has put defenders at a disadvantage because malicious actors have increasingly made IAM solutions a primary vector of attack…

Latest blog posts

Security for Operational Technology Environments
September 05, 2022
Operational Technology (OT) systems encompass Industrial Control Systems (ICS), Critical Infrastructure Systems (CIS), and Industrial Internet of Things (IIoT). OT environments face threats similar to those that traditional enterprise IT systems do, as well as threats unique to each type…
PCI-DSS 4.0 launched
April 22, 2022
The Payment Card Industry (PCI) Standards Council has published a major update to the Data Security Standard (DSS), version 4.0. This version is an improvement over the current version, 3.2.1, which came out in 2018.   The new publication directs organizations that need to be…
SentinelOne Acquires Attivo Networks: A Big Leap Forward to Security With Identity
March 15, 2022
SentinelOne has announced that they will acquire Attivo Networks, a leading Distributed Deception Platform (DDP) and Identity Threat Detection & Response (ITDR) solution provider. This appears to be a good move for SentinelOne, which is a leading Endpoint Protection Detection &…
Has Your Organization Rolled Out MFA Yet?
January 27, 2022
Have you entered a password somewhere today? Do you wonder why you’re still having to do that? Did entering that password give you a feeling of digital safety? Did it make your consumer experience more enjoyable? Cybersecurity and identity management experts have been proclaiming…
What is XDR?
June 25, 2021
Almost all enterprises have many security tools in place already, some of which are still focused on perimeters/DMZs and on hosts, such as servers and endpoints. Endpoint Detection & Response (EDR) tools are becoming more commonplace in enterprises and SMBs. EDR tools depend on agents…
Dark Side Ransomware Attacks
May 20, 2021
Last week Colonial Pipeline, one of the largest pipelines in the US, was hit by a ransomware attack from the Dark Side cybercrime group. While many pertinent specifics about the attack are not known, FireEye and US Cybersecurity and Infrastructure Security Agency (CISA) have shed some…

Latest videos

Analyst Chat
Analyst Chat #161: Managing Network Connectivity and Security with SASE Solutions
February 20, 2023
With the rapid expansion of IT environments, adoption of the cloud, and the ongoing Digital Transformation, the need to provide secure access to organizational resources has become paramount. Secure Access Service Edge (SASE) solutions are designed to consolidate network and security…
Webinar Recording
Debunking Common Myths about XDR
January 25, 2023
Join security experts from KuppingerCole Analysts and SentinelOne to help you get an understanding of what eXtended Detection & Response (XDR) really is, and why you should consider this emerging technology in your enterprise security stack. John Tolbert, Director Cybersecurity…
Webinar Recording
Unify Identity and Security to Block Identity-Based Cyber Attacks
December 07, 2022
Join security and identity experts from KuppingerCole Analysts and ARCON as they discuss the importance of securing enterprise credentials, explain why a unified identity security approach in line with Zero Trust principles improve security and efficiency, and describe how to combine…
Analyst Chat
Analyst Chat #150: Clear and Present Danger - Ransomware Threats to Healthcare Providers
November 21, 2022
Only a week has passed since John Tolbert, our Cybersecurity Research Director, spoke at CSLS about ransomware and how to combat it. Today, he reports on specific threats posed by ransomware attacks to the healthcare industry, particularly in the US. But in the end, these are just examples…
Analyst Chat
Analyst Chat #147: How To Manage Your Clients, From Customers and Citizens to B2B and B2B2C
October 31, 2022
CIAM solutions are designed to address specific technical requirements that consumer-facing organizations have that differ from traditional “workforce” or Business-to-Employee (B2E) use cases. John Tolbert has revisited this market segments for the updated Leadership Compass…
Webinar Recording
A Winning Strategy for Consumer Identity & Access Management
October 19, 2022
Success in digital business depends largely on meeting customers’ ever-increasing expectations of convenience and security at every touchpoint. Finding the best strategy to achieve the optimal balance between security and convenience without compromising on either is crucial, but can…