About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

The Hak5 RainbowTables project has finished generating the 120GB LM All tableset, and they are now available for public download via Bittorrent.

Technical Details

Charset: all (ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()-_+=~`[]{}|:;”’,.?/)
Plaintext Length Range: 1-7
Key Space: 68^1 + 68^2 + 68^3 + 68^4 + 68^5 + 68^6 + 68^7 = 6823331935124
Disk Usage: 120GB
Success Rate: 1 - (1 - calc_success_prob(6823331935124, 9000, 8000000000/8)) ^ 8 = 0.9990
Mean/Max cryptanalysis time: 197.0106s/915.2542s*
Max Disk Access Time: 3802.2s
* Typical 666MHz CPU

The Torrent download is available here: hak5_rtables_lm_all_1-7.torrent

What is a Rainbow Table?

A rainbow table is a lookup table offering a time-memory tradeoff used in recovering the plaintext password from a password hash generated...


Well I finally did it, I passed both of my GIAC Certified Incident Handler (GCIH) exams with 89% on each! This was the first time I had a chance to use the SANS OnDemand training method and I have some mixed feelings about it:

Pros

Very Portable - while out of the office, I was able to access the material when I needed it. This was very handy while waiting for my Red-eye flights back from California to the East Coast.

MP3's For Download - SANS makes the MP3's available for download which makes flights go by quickly and allows me to learn...


The guys at eEye have started a new website that shows great promise: The Zero-Day Tracker

From the eEye blog:

We are pleased to announce the release of eEye Research's Zero-Day Tracker. This site will help the community keep track of past and present zero-day vulnerabilities in real-time. This isn't a simple link repository, but instead personalized analysis information from eEye researchers. If something is reported as a non-exploitable bug, we'll make sure to exhaust the flaw for exploitability, as we have shown with the ASX Playlist and the ADODB.Connection ActiveX zero-day vulnerabilities. We will also always...
