Andrew Hay

About

DETAILED BIOGRAPHY

AndrewAndrew Hay is a Senior Security Analyst for 451 Research’s Enterprise Security Practice (ESP). Andrew provides technology vendors, private equity firms, venture capitalists and end users with strategic advisory services – including competitive research, new product and go-to-market positioning, investment due diligence and tactical partnership, and M&A strategy.

Through his work at 451 Research, Andrew has been instrumental in securing tens of millions of dollars in equity investment for numerous security product vendors. He is a veteran strategist with more than 12 years of experience related to endpoint, network and security management across various product sectors, including security information and event management (SIEM); log management; deep packet inspection (DPI); vulnerability management; intrusion detection and prevention (IDS/IPS); firewall; threat intelligence; application whitelisting; network and host forensics; incident response; and governance, risk and compliance (GRC).

Before joining The 451 Group, Andrew worked in the Information Security Office (ISO) of the University of Lethbridge, in Alberta, Canada and, prior to that, at a privately held bank in Hamilton, Bermuda; in each position, he was responsible for strategically designing, driving and executing the goals and objectives of the organization’s information security programs. Prior to that, Andrew served in various roles at Q1 Labs, including Engineering Manager, Product Manager and finally as the Program Manager responsible for the entire portfolio of third-party technology partner relationships.

Andrew was honored with the title of Security Thought Leader in May 2008 by the SANS Institute; named an IT Knowledge Exchange blogger of the week in June 2009; listed as one of the Most Powerful Voices in Security by SYS-CON Media’s Jim Kaskade in September 2011; and named one of Tripwire Inc.’s Top 25 Security People to Follow in December 2011. He is a sought-after speaker, and has presented at numerous international security conferences such as the SOURCE Conference, SANS What Works in Forensics and Incident Response Summit, SANS Network Security, Security BSides, RSA Security Conference, Americas Growth Capital and the joint iTrust and PST Conferences on Privacy, Trust Management and Security.

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been interviewed by members of the press for such publications as The Sacramento Bee, eWeek, TechTarget, Wired Magazine, Network World and CSO Magazine, in addition to podcasts such as the Data Security Podcast, Forensic4Cast, SecuraBit, PaulDotCom, Security.Exe, Beyond The Perimeter, The Risk Hose, Security Roundtable and Tenable Network Security. He was formally the founder and cohost of the LogChat podcast with Dr. Anton Chuvakin. Andrew also has written articles for several trade publications such as Information Week Magazine, DarkReading and Network Computing on various security-related topics.

PROFESSIONAL MEMBERSHIPS

• International Information Systems Security Certification Consortium (ISC2)
• High Technology Crime Investigation Association (HTCIA)
• Information Systems Audit and Control Association (ISACA)
• National Electric Sector Cybersecurity Organization (NESCO)
• Energy Sector Security Consortium (EnergySec)
• Penetration Testing Execution Standard (PTES)
• InfoSecMentors Project
• Cloud Security Alliance (CSA)
• Open Web Application Security Project (OWASP)

BOARD MEMBERSHIPS

• Global Information Assurance Certification (GIAC) Advisory Board
• Countermeasure 2012 Advisory Board
• BSides Ottawa Advisory Board
• OWASP Lethbridge – Chapter Leader

PUBLICATIONS

• OSSEC Host-based Intrusion Detection Guide (Syngress, ISBN 9781597492409, March 2008)
• Nokia Firewall, VPN, and IPSO Configuration Guide (Syngress, 9781597492867, November 2008)
• Nagios 3 Enterprise Network Monitoring (Syngress, 9781597492676, June 2008)
• The Cyber-Security Playbook (The 451 Group, Enterprise Security Practice, April 2011)
• 451 Research: https://www.451research.com/search?author=Andrew+Hay

EDUCATION

• Algonquin College of Applied Arts and Technology, Computer Science (1997)
• The SANS Institute, Intrusion Detection In-Depth (2006)
• The SANS Institute, Hacker Techniques, Exploits & Incident Handling (2006)
• The SANS Institute, Computer Forensic Investigations and Incident Response (2009)
• The SANS Institute, Securing Windows (2009)
• Offensive Security, Penetration Testing with Backtrack (2011)
• Lofty Perch, Inc., SCADA and Control Systems Cyber Security (2011)
• Harvard Business School ManageMentor, Budgeting (2011)
• Harvard Business School ManageMentor, Finance Essentials (2011)
• Harvard Business School ManageMentor, Marketing Essentials (2011)
• Harvard Business School ManageMentor, Negotiating (2011)

PROFESSIONAL CERTIFICATIONS

• Cisco Certified Network Associate (CCNA)
• Red Hat Certified Technician (RHCT)
• Red Hat Certified Engineer (RHCE)
• CompTIA Security+
• Check Point Certified Security Administrator (CCSA)
• Check Point Certified Security Expert NGX (CCSE)
• Check Point Certified Security Expert Plus (CCSE Plus)
• GIAC Certified Security Essentials (GSEC)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Information Systems Security Professional (CISSP)