AndrewAndrew Hay is the Director of Research at OpenDNS where he leads the research efforts for the company. Prior to joining OpenDNS he was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc. Prior to that, Andrew served as a Senior Security Analyst for 451 Research’s Enterprise Security Practice (ESP) providing technology vendors, private equity firms, venture capitalists and end users with strategic advisory services – including competitive research, new product and go-to-market positioning, investment due diligence and tactical partnership, and M&A strategy. Through his work at 451 Research, Andrew was instrumental in securing tens of millions of dollars in equity investment for numerous security product vendors. He is a veteran strategist with more than a decade of experience related to endpoint, network and security management across various product sectors, including security information and event management (SIEM); log management; deep packet inspection (DPI); security analytics; vulnerability management; penetration testing; intrusion detection and prevention (IDS/IPS); firewall; threat intelligence; application whitelisting; network and host forensics; incident response; and governance, risk and compliance (GRC).

Before joining The 451 Group, Andrew worked in the Information Security Office (ISO) of the University of Lethbridge, in Alberta, Canada and, prior to that, at a privately held bank in Hamilton, Bermuda; in each position, he was responsible for strategically designing, driving and executing the goals and objectives of the organization’s information security programs. Prior to that, Andrew served in various roles at Q1 Labs, including Engineering Manager, Product Manager and finally as the Program Manager responsible for the entire portfolio of third-party technology partner relationships.

Andrew was honored with the title of Security Thought Leader in May 2008 by the SANS Institute; named an IT Knowledge Exchange blogger of the week in June 2009; listed as one of the Most Powerful Voices in Security by SYS-CON Media’s Jim Kaskade in September 2011; named one of Tripwire Inc.’s Top 25 Security People to Follow in December 2011; and named one of the Top Chief Security Officers (CSOs) to Follow on Twitter by CEOWORLD Magazine in April 2014.

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been interviewed by members of the press for such publications as The Sacramento Bee, eWeek, TechTarget, Wired Magazine, Network World and CSO Magazine, in addition to podcasts such as the Data Security Podcast, Forensic4Cast, SecuraBit, PaulDotCom, Security.Exe, Beyond The Perimeter, The Risk Hose, Security Roundtable and Tenable Network Security. He was formally the founder and cohost of the LogChat podcast with Dr. Anton Chuvakin. Andrew also has written articles for several trade publications such as Information Week Magazine, DarkReading and Network Computing on various security-related topics.


  • SOURCE Boston 2010, 2011, and 2013
  • SOURCE Barcelona 2010
  • SANS What Works in Forensics and Incident Response Summit 2010, 2011, and 2013
  • SANS Network Security 2009
  • SANS Toronto 2008
  • Security BSides San Francisco 2010, 2011, and 2013
  • Security BSides Boston 2010, 2011, and 2013
  • Security BSides Ottawa 2010
  • Security BSides Las Vegas 2010 and 2012
  • Security BSides Los Angeles 2012
  • Countermeasure 2012 and 2013
  • PuppetConf 2012
  • ChefConf 2013
  • RSA Security Conference 2010 and 2012
  • SxSW Interactive Festival 2012
  • BayThreat 2012
  • ISC2 Congress 2013
  • Infosecurity Europe 2012
  • CloudBeat 2012
  • OpenStack Summit 2012
  • HTCIA Conference 2013
  • AccessData User Conference 2012
  • Americas Growth Capital West Coast Infosec and Technology Growth Conference 2011
  • Joint iTrust and PST Conferences on Privacy, Trust Management and Security 2007
  • Next Generation Networks Technical Awareness Session (TAS) 2007
  • BrightTalk Log Management Summit 2010
  • Black Hat 2014


  • International Information Systems Security Certification Consortium (ISC2)
  • High Technology Crime Investigation Association (HTCIA)
  • Information Systems Audit and Control Association (ISACA)
  • National Electric Sector Cybersecurity Organization (NESCO)
  • Energy Sector Security Consortium (EnergySec)
  • Penetration Testing Execution Standard (PTES)
  • InfoSecMentors Project
  • Cloud Security Alliance (CSA)
  • Open Web Application Security Project (OWASP)


  • Global Information Assurance Certification (GIAC) Advisory Board
  • Countermeasure 2012, 2013 Advisory Board
  • BSides Ottawa Advisory Board
  • OWASP Lethbridge – Chapter Leader


  • OSSEC Host-based Intrusion Detection Guide (Syngress, ISBN 9781597492409, March 2008)
  • Nokia Firewall, VPN, and IPSO Configuration Guide (Syngress, 9781597492867, November 2008)
  • Nagios 3 Enterprise Network Monitoring (Syngress, 9781597492676, June 2008)
  • The Cyber-Security Playbook (The 451 Group, Enterprise Security Practice, April 2011)
  • 451 Research:


  • Algonquin College of Applied Arts and Technology, Computer Science (1997)
  • The SANS Institute, Intrusion Detection In-Depth (2006)
  • The SANS Institute, Hacker Techniques, Exploits & Incident Handling (2006)
  • The SANS Institute, Computer Forensic Investigations and Incident Response (2009)
  • The SANS Institute, Securing Windows (2009)
  • Offensive Security, Penetration Testing with Backtrack (2011)
  • Lofty Perch, Inc., SCADA and Control Systems Cyber Security (2011)
  • Harvard Business School ManageMentor, Budgeting (2011)
  • Harvard Business School ManageMentor, Finance Essentials (2011)
  • Harvard Business School ManageMentor, Marketing Essentials (2011)
  • Harvard Business School ManageMentor, Negotiating (2011)
  • Chef Introductory Workshop – Managing Windows (2013)
  • Penetration Testing with Metasploit (2013)
  • Python For Security Professionals (2013)
  • The SANS Institute, Reverse Engineering Malware (2013)
  • The Data Scientist’s Toolbox, The Johns Hopkins University (2014)


  • Cisco Certified Network Associate (CCNA)
  • Red Hat Certified Technician (RHCT)
  • Red Hat Certified Engineer (RHCE)
  • CompTIA Security+
  • Check Point Certified Security Administrator (CCSA)
  • Check Point Certified Security Expert NGX (CCSE)
  • Check Point Certified Security Expert Plus (CCSE Plus)
  • GIAC Certified Security Essentials (GSEC)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Forensic Analyst (GCFA)
  • Certified Information Systems Security Professional (CISSP)