About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

Metasploit Project Acquired by Rapid7 a Good Thing

In case you haven’t already heard from the numerous other sources, HD Moore’s Metasploit project has been acquired by Rapid7 and he has joined the company as their CSO. A lot of people see this as a bad move but I see it as a good thing. Not only does this free up HD to dedicate more time to Metasploit but it also allows him to have a team of dedicated developers working on it full time. Sure the code will probably make it into Rapid7’s products before it’s released to the public but in the end you get what you pay for.

The same thing happened when Third Brigade acquired the OSSEC HIDS project. Some of the OSSEC code was commercialized but the real bonus was how they allowed Daniel Cid to keep working on OSSEC full time. Since the acquisition OSSEC has released some pretty cool enhancements that probably would still be a year or two away had Daniel not been able to work on them full time.

There is always a silver lining folks…

Andrew Hay