About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

I sat down this afternoon and passed my GIAC Advanced Filesystem Recovery and Memory Forensics Skills Test and Report (STAR) test. I took the SANS Security 526: Advanced Filesystem Recovery and Memory Forensics course while at SANS Network Security 2009 in San Diego at the tail end of my week-long SANS Computer Forensics, Investigation, and Response class (and boy was I tired). I can't say enough about how great both of these courses are and I hope that I fare as well on the GIAC Certified Forensics Analyst (GCFA) exam when I sit for it in the coming months. If you...


If you use the SANS Investigative Forensic Toolkit (SIFT) Workstation for your forensic analysis, you can easily add log2timeline to your VMware guest image. In order to get these files using the wget, yum, and cpan methods, you must ensure that your SIFT workstation has its interface set to 'bridged' or 'NAT' mode so that it can get out to the Internet.

Steps to Install log2timeline on SIFT

1. Download the log2timeline archive to your SIFT workstation

[root@SIFTWorkstation ~]# wget http://log2timeline.net/files/log2timeline_0.33b.tgz

2. Extract the archive

[root@SIFTWorkstation ~]# tar zxvf log2timeline_0.33b.tgz

3. Change to the log2timeline directory

[root@SIFTWorkstation ~]# cd log2timeline

4. Install some of the dependencies using yum

[root@SIFTWorkstation...


Thanks to Syngress, and their great discounts lately, I have a full forensic library to read through this fall (and probably through the winter). Also, I blame Rob Lee for my newfound love of forensics. Here are some of the books that I have picked up recently:

Malware Forensics: Investigating and Analyzing Malicious Code by Cameron H. Malin, Eoghan Casey, and James M. Aquilina

Product Description

Malware Forensics: Investigating and Analyzing Malicious Code covers the emerging and evolving field of "live forensics," where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is...
