Andrew Hay

Canadian security professional, author, and speaker
Alberta, Canada
- Current
- Information Security Analyst at University of Lethbridge
- Independent Security Analyst and Editor-in-Chief at www.andrewhay.ca
- Managing Partner at Koteas Corporation
- Past
- Information Security Analyst at Capital G Ltd.
- Integration Product/Program Manager at Q1 Labs
- Manager of Integration Services at Q1 Labs Inc.
- Customer Solutions Architect at Q1 Labs Inc.
- Customer Support Engineer 2 at Nokia Enterprise Solutions
- Platform Analyst at Computer Sciences Corporation (Nortel Contract)
- Network Analyst at Magma Communications Ltd.
- Platform Analyst at Convergys
- Education
- The SANS Institute
- The SANS Institute
- The SANS Institute
- Algonquin College of Applied Arts and Technology
- Recommended
- 20 people have recommended Andrew
- Connections
- 500+ connections
- Industry
- Computer & Network Security
Summary
Andrew Hay is a security expert who writes and speaks on forensics, incident handling, system and network security management, and effective security program execution. As a full-time professional in the field, Andrew speaks to the power of having a well thought out information security program as the first step to any security product purchase. He has authored three books on network security management and in 2008 was honored with the title of “Security Thought Leader” by the SANS Institute. Andrew maintains a topical security blog at http://www.andrewhay.ca and can be engaged on Twitter via @andrewsmhay.
Presenter
· Network Security Monitoring and Management Solutions, Next Generation Networks Technical Awareness Session (TAS), in Gatineau, Quebec, Canada - May 2007
· Enterprise Log Analysis with Q1 Labs QRadar and OSSEC, iTrust and PST Conferences on Privacy, Trust Management and Security in Moncton, New Brunswick, Canada - July 2007
· Security Round Table panelist: Topic “Do we have privacy anymore?” - September 2007 - http://preview.tinyurl.com/66b4t8
· SANS Webcast entitled Separated at Birth – “Identity and Access Reunited!” - September 2007 - http://preview.tinyurl.com/4nnbgj
· “Lunch & Learn” on Enterprise Log Management for Incident Handlers at SANS Network Security 2007 at Caesars Palace in Las Vegas, Nevada - September 2007
Interviews
· Interviewed by Stephen Northcutt of The SANS Institute on Why Certification Matters - July 2006 - http://preview.tinyurl.com/3vzjk5
· Interviewed for IT Business article entitled Even second helping of Bot Roast “won’t eliminate cybercrime” to provide input on the crackdown of 8 botnet herders and their subsequent arrest – December 2007 - http://preview.tinyurl.com/6hx3kz
Twitter: http://www.twitter.com/andrewsmhay
Specialties:
Holds numerous industry-leading certifications including the CCNA, CCSA, CCSE, CCSE NGX, CCSE Plus, Security+, GSEC, GCIA, GCIH, GCFA, SSP-MPA, SSP-CNSA, NSA, RHCT, RHCE, and CISSP.
Experience
-
Information Security Analyst
University of Lethbridge
(Educational Institution; Higher Education industry)
August 2009 — Present (8 months)
Responsible for the technical and operational functions of the Information Security Office including, but not limited to:
- Threat and vulnerability identification, classification, and analysis, including on-going research into emerging threats. Activities include system security assessments, vulnerability scanning, and security consulting.
- Design, development, implementation, and management of technical security processes and systems to effectively mitigate identified risks (e.g., IDS/IPS, log correlation/SIEM, 2-factor authentication, full-disk encryption, etc.)
- Investigation, response, reporting, and tracking of security incidents, including all associated digital forensics activities.
- Coordinating the implementation of security processes/systems and incident response activities across the Information Technology department and the wider University community.
- Contributing to the development and implementation of an institutional Information Security strategy and comprehensive security awareness program.
- Designing solutions that provide a high level of security for information assets while preserving and enhancing system usability.
-
Independent Security Analyst and Editor-in-Chief
www.andrewhay.ca
(Computer & Network Security industry)
January 2007 — Present (3 years 3 months)
www.andrewhay.ca
-
Managing Partner
Koteas Corporation
(Computer & Network Security industry)
January 2004 — Present (6 years 3 months)
Koteas Corporation is a leading provider of end to end security and privacy solutions for government and enterprise. We succeed by earning the trust of our clients and tailoring solutions to meet organizational and infrastructure needs. Our highly trained staff has years of experience in information system security, business continuity, and auditing, risk management & analysis.
-
Information Security Analyst
Capital G Ltd.
(Privately Held; Banking industry)
September 2008 — July 2009 (11 months)
Develop plans to safeguard computer files and meet emergency data processing needs. Co-ordinate the implementation of computer systems plans with other people in the organization and outside vendors. Assist in implementing legislated information protection requirements (for example, privacy requirements). Test systems to make sure security measures are working. Modify security files to change user permissions, correct errors or install new software. Consult with other computer specialists and organizational personnel about issues such as information access requirements and programming changes. Monitor the use of information and regulate access to safeguard it. Write reports to document computer security and emergency measures policies, procedures and test results. Conduct compliance audits to ensure that security standards and policies are being followed.
-
Integration Product/Program Manager
Q1 Labs
(Privately Held; Computer & Network Security industry)
February 2008 — September 2008 (8 months)
Responsible for the Integration Services portfolio of deliverables at Q1 Labs. Establish relationships with 3rd party vendors to create product requirements documentation for new and exciting integration vectors. Research network, security, application and vulnerability technologies for integration into QRadar, the company’s flagship network security management solution.
-
Manager of Integration Services
Q1 Labs Inc.
(Privately Held; Computer & Network Security industry)
November 2006 — February 2008 (1 year 4 months)
Led a team of software developers who were responsible for integrating 3rd party log and vulnerability data into the QRadar SIEM solution.
-
Customer Solutions Architect
Q1 Labs Inc.
(Privately Held; 51-200 employees; Computer & Network Security industry)
February 2005 — November 2006 (1 year 10 months)
- Supported the creation, customization, and optimization of clients' network security policy using Q1 Labs QRadar
- Assisted in the development, testing, and integration of events into QRadar from 3rd party devices
- Provided internal training to sales engineers in the field on above 3rd party products
- Worked with management to develop call center best practices
- Acted as Project Manager in selection of enterprise call center ticketing system
- Assisted sales engineers with installs at customer sites in various cities worldwide
- Managed several key customer accounts to ensure service level agreements and issues were met in a timely manner
- Interfaced with VP and C level executives to ensure customer and company issues were properly addressed
- Lead technical trainer, instructional designer, subject matter expert, and content creator for 3-tiered training program
-
Customer Support Engineer 2
Nokia Enterprise Solutions
(Public Company; 10,001 or more employees; NOK; Computer & Network Security industry)
March 2002 — January 2005 (2 years 11 months)
- Supported the creation, customization, and optimization of clients' network security policy using Check Point FireWall-1 / VPN-1 (4.1 and NG) and Check Point Provider-1
- Obtained in-depth knowledge of routing, switching, and interior / exterior gateway routing protocols as well as virtual private networks, encryption algorithms, and general best-practice security issues
- Supported clients' IPSO, Sun Solaris, Windows 2000/XP, Mac OS, and SecurePlatform operating systems and their interaction with Check Point FireWall-1 / VPN-1 (4.1/NG) policies and rule bases
- Supported implementation, configuration and optimization of Nokia One Business Server (NOBS), Nokia Message Protector (NMP), Nokia Secure Access System (NSAS), and Nokia Horizon Manager (NHM)
- Head of Small Office product training for Americas TAC
- Extensive knowledge of 3rd party security devices and competing products
-
Platform Analyst
Computer Sciences Corporation (Nortel Contract)
(Public Company; 10,001 or more employees; Computer Software industry)
November 2000 — November 2001 (1 year 1 month)
- Provided second level support for the Clarify Tool suite of applications, an advanced Customer Relationship Management (CRM) application to communications companies and other enterprise sectors.
- Point of contact between developers and clients
- Worked in HP-UX, Sun Solaris, and Windows 95/98/NT/2000 environments
- Installed and maintained Apache Web Server, PHP, and WinMySQL database for team
-
Network Analyst
Magma Communications Ltd.
(Privately Held; 51-200 employees; Information Technology and Services industry)
August 2000 — November 2000 (4 months)
- Provided networking, internetworking, and connectivity support for Magma Communications Corporate Clients. Supported workstations, servers, and networks located both off-site and in Magma’s Class A Internet Data Facility. Also provided Web Development support for Magma’s Corporate Clients.
- Provided networking, internetworking, and connectivity using xDSL, Cable, Dial-Up, ATM, Frame Relay, and ISDN technologies
- Provided support for Cisco, Nortel, Alcatel, and Linksys routers, gateways, and hubs
- Implemented manual code changes for clients' Web Sites in critical, time-sensitive situations using HTML, ColdFusion, PHP, JavaScript
- Managed Network Monitoring with Media House IP Monitor application
- Managed Apache Web Server, Zeus Web Server, POP3, SMTP, Linux, Unix, RealServer, MS SQL, Win NT Server, Win 2000, and DNS with Bind 8
-
Platform Analyst
Convergys
(Public Company; 10,001 or more employees; CVG; Information Technology and Services industry)
March 1999 — August 2000 (1 year 6 months)
- Responsible for all customer escalated requests
- Responsible for transfer of knowledge to junior technicians
- Directly involved in new hire orientation
- Responsible for all network problem reporting and resolution procedures
- Integral part of the following contracts:
- iStar Internet (now PSI Net)
- Rogers@Home (now Rogers High-Speed)
- Road Runner Communications
- Awarded two in-house Technical Certifications in:
- Windows 3.1, 95, 98, NT
- MS-DOS
- MacOS 7.51-X, AppleTalk
- BootP, DOCSIS Standards
- Cable Modem Technology and Structure
- Network Architecture, Design, Connectivity
- UNIX
- ATM, Frame Relay, ISDN, xDSL
- Citrix
Education
-
The SANS Institute
Securing Windows, 2009 — 2009
The Securing Windows track at SANS (SEC505) is a comprehensive set of courses for Windows security architects and administrators. It tackles tough problems like Active Directory forest design, how to use Group Policy to lock down desktops, deploying a Microsoft PKI and smart cards, pushing firewall and IPSec policies out to every computer in the domain, securing public IIS web servers, and PowerShell scripting.
-
The SANS Institute
Hacker Techniques, Exploits & Incident Handling, 2006 — 2006
This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. This course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.
This challenging course is particularly well suited to individuals who lead or are a part of an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.
-
The SANS Institute
Intrusion Detection In-Depth, 2006 — 2006
The emphasis of this course is on increasing students' understanding of the workings of TCP/IP, methods of network traffic analysis, and one specific network intrusion detection system (NIDS) - Snort. This is not a comparison or demonstration of multiple NIDSs. Instead, the knowledge provided here allows students to better understand the qualities that go into a sound NIDS and the whys behind them, and thus, to be better equipped to make a wise selection for their site's particular needs.
-
Algonquin College of Applied Arts and Technology
(not quite), Computer Science, 1997 — 2000
Left in Fall of 1998
Additional Information
Interests:
security, networking, blogging, incident handling, linux, unix, forensics, intrusion analysis, rugby
Groups:
ISSA, Whitehats.ca, The SANS Mentor Program, The Security Catalyst Community, OSSEC LinkedIn Group, PCI Compliance LinkedIn Group, GIAC LinkedIn Group, Log Analysis Professionals Group, The Ethical Hacker Community
CSORoundtable
Certified Information Systems Security Professionals (CISSP)
RSA Conference
OSSEC
The Security Catalyst Community
Community SANS Instructors
Nokia Alumni (past and present)
Information Systems Security Association (ISSA)
Black Hat
GIAC, Global Information Assurance Certification
Information Security Community
Log Analysis Professionals
Privacy Professionals
ISACA Professionals
GIAC Certified Forensic Analyst
Instructional Designers
Security Bloggers Network
The Academy Pro
SOURCE Conference
Security Information and Event Management (SIEM)
Security Leaders Group
Security Twits
CheckPoint Experts
Event log management, security and monitoring
Syngress
CYBER SECURITY Forum Initiative - CSFI
Honors:
Cisco Certified Networking Associate (CCNA)
Stay Sharp Program - Computer and Network Security Awareness (SSP-CNSA)
Stay Sharp Program - Mastering Packet Analysis (SSP-MPA)
Check Point Certified Security Administrator (CCSA)
Check Point Certified Security Engineer (CCSE)
Check Point Certified Security Engineer NGX (CCSE NGX)
Check Point Certified Security Engineer Plus (CCSE Plus)
CompTIA Security+
GIAC Security Essentials Certification (GSEC)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
Nokia Security Administrator (NSA)
Red Hat Certified Technician (RHCT)
Red Hat Certified Engineer (RHCE)
Certified Information Systems Security Professional (CISSP)
Andrew Hay is a Canadian security professional, author, and speaker living in Lethbridge, Alberta, Canada.
For more information please see the 



