About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

How to survive the RSA and BSides Deconfalon

With the RSA Security Conference and Security BSides San Francisco only a week away I thought I’d offer some advice to first time attendees:

  1. There are parties every night of the week so it would be a good idea to pace yourself. You need to treat the week like an Olympic event – something I will call the ‘Deconfalon’. Not only are you going to be sitting through talks and networking all day but you’ll also likely be attending parties until all hours of the night (or morning). This type of activity takes a toll on your body and mental health. The last thing you want to do is party too hard on the first night and ruin the next two as a result (I’ve done it, it sucks). There’s no rule that says you have to close the bar or go out for pancakes at 4am. Some people like doing this but I’m no longer one of them as I’m not 19 anymore. Party at your own pace and party responsibly. You’ll enjoy your week more.
  2. Water is your best friend.If you’re hell bent on power drinking at after hours Deconfalon events, try having a glass of water after every alcoholic drink. Sure, you’ll have to run to the bathroom a lot but you’ll likely fend off dehydration and a brutal hangover the next morning. Also, just because the booze is free, doesn’t mean that you have to drink out the bar.
  3. Eat, pray, love. Well, at least eat. One of the biggest mistakes I usually make during the Deconfalon is to forget to eat. Sure, if you’re press or a speaker there is food provided in the press or speaker room, but with the number of meetings, appointments and talks who really has time? My best advice is to pack some snacks that will fit in your pocket for eating on the run during the conference. Also, make a point of eating as many proper meals as you can. Grab someone and invite them out for a quick bite before heading to the next party or find another person who looks as weary as you and go out for lunch together. Remember, man was not designed to live on appetizers alone.
  4. Take some ‘me’ time. Sometimes you just need some time to decompress. Don’t worry what your friends or colleagues might think about you skipping out on a night of parties in favor of a quiet night in. Stressed out during the day? Why not hit a local coffee shop or go for a walk? No one is going to fault you for wanting some personal time. You don’t always have to be ‘on’ at these things.
  5. Fake it until you make it. Don’t know anyone at the conferences? Shy? Maybe you’re an introvert? Maybe you know some people through social media like Twitter but are afraid to approach them in real life? One of the worst things you could do at events like these is to sit in the corner in your own little world. Be fun, outgoing and friendly. Smile (but don’t be a grin fucker), practice active listening and, if you see someone standing out on the fringes of the conversation, invite them to join in. You might make a friend for life.
  6. Have fun. Look, if you’re not having fun, it’s time to find something else to do. Don’t stick around in a dull conversation or at a party if you’re bored or disinterested. Go find someone else to talk to or find something else to do (like sleep). Similarly, not every conversation has to be about security. A lot of people make the mistake of only talking about work or the practice of security. I assure you, by midweek, this gets very boring. Strike up a conversation about a recent vacation, a new technology purchase or even a new exercise regiment. Show people you’re more than just another security wonk.

Hopefully this helps. See you next week.

Andrew Hay