About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

Book Review: The Phoenix Project

PPhardcoverI was sent an advanced review copy of The The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win by co-author Gene Kim and I can honestly say that it was one of the most enjoyable books I’ve read in a long time. The novel, written by Gene Kim, Kevin Behr, and George Spafford, not only combines an interesting story with sound business practices, it also teaches the reader about risk evaluation, critical thinking, and how manufacturing processes can translate to IT operations, development, and, of course, DevOps.

The characters in the book were easy to relate to and I suspect that if you have not yet worked for or with an individual depicted in the book in your career, you likely will at some point. Both the heroes and protagonists were easy to spot and I found myself genuinely rooting for the heroes throughout the course of the book.

If I have one criticism about the combined work, it’s that throughout the book the characters had very negative views towards developers and the historic disconnect between IT ops, security, developers, and the senior decision makers. This was something that I had hopped would evolve into, at the very least, a sense of mutual respect and appreciation for their skills, talents, and issues by the end of the novel. Part of me would like to see a parallell sequel written that depicted the same story from the view of the software people.

I recommend that anyone involved in any line of business read this book. Similarly, any person working within an organization will be able to learn something new about how their business operates. It shows the inner workings of how business decisions are prioritized and will help people relate to the decisions made in their own company.

Business leaders will almost certainly find a gem or two to help them optimize their existing business practices and perhaps even streamline their IT operations and product deliverables. I wouldn’t be surprised to see this book as the basis for future MBA or executive education tracks as I think, though the individual concepts may currently be presented, the combined work presents itself as a seminal case study into optimizing business by automating IT.

Andrew Hay