About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

This year marks the first year in my security career that I get to speak at the Black Hat security conference - and I couldn't be more excited. On Tuesday, August 6th at 2:15pm local time, I'll be co-presenting Unveiling The Open Source Visualization Engine For Busy Hackers with Thibault Reuille. Here is the abstract for the talk: The way a human efficiently digests information varies from person-to-person. Scientific studies have shown that some individuals learn better through the presentation of visual/spatial information compared to simply reading text. Why then do vendors expect customers to consume presented data following only the written word...

Read More

Looks like I get to go to the land of deep dish pizza (Chicago) at the end of the month to speak at the 2013 (ISC)² Congress. I'll be giving two talks: 3340: (ISC)² - The Five W's of Securing Dev/Test Cloud Instances Wednesday, September 25, 2013: 4:30 PM-5:30 PM S106b - Cloud Track Software developers, engineers and quality assurance/testers are spinning up cloud servers outside of IT's control, and, generally speaking, security is the last thing on their mind. Business leadership and product owners typically turn a blind eye to this practice, often referred to as ‘Shadow IT’, because the business knows that...

Read More

I'm hoping my readers can help vote up some of the presentations that I am a part of at BSidesSanFrancisco. As such, here is a consolidated view of the presentations: Name: Dave Shackleford (@daveshackleford) & Andrew Hay (@andrewsmhay) Vote for this talk! Title: A Brief History of Hacking Abstract: Phreaking? Captain Crunch? Blue boxes? Not to mention LoD, MoD, and the evolution of cyberpunk in modern society. This may be all Greek to you, or you might know exactly what all of these monikers mean. Either way, come along for the ride as we revisit the beginnings of hacking, as well as the...

Read More