Andrew Hay is a veteran cybersecurity executive, strategist, industry analyst, data scientist, threat and vulnerability researcher, and international public speaker with close to 25 years of cybersecurity experience across multiple domains.
As the Chief Technology Officer (CTO), and a consulting Chief Information Security Officer (CISO), for LEO Cyber Security, he was a member of the senior executive leadership team responsible for creating and driving the strategic vision of the company. He was also instrumental in raising the profile of the company within the cybersecurity industry and assisted with the raise of the company’s Series B fundraising round.
Prior to LEO, Andrew served as the CISO at DataGravity, Inc. where he advocated for the company’s total information security needs and was responsible for the development and delivery of the company’s comprehensive information security strategy.
Andrew was formerly the Director of Security Research at OpenDNS where he led the research agenda and efforts for the company. Andrew was instrumental in raising the profile of the company and its research prior to its acquisition by Cisco Systems in 2015. Prior to joining OpenDNS, he was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc. Before CloudPassage, Andrew served as a Senior Security Analyst for 451 Research’s Enterprise Security Practice (ESP) providing technology vendors, private equity firms, venture capitalists and end users with strategic advisory services – including competitive research, new product and go-to-market positioning, investment due diligence and tactical partnership, and M&A strategy. Through his work at 451 Research, Andrew was instrumental in securing tens of millions of dollars in equity investment for numerous security product vendors.
Before joining 451 Research, Andrew worked in the Information Security Office (ISO) of the University of Lethbridge, in Alberta, Canada and, prior to that, at a privately held bank in Hamilton, Bermuda. In each position, he was responsible for strategically designing, driving, and executing the goals and objectives of the organization’s information security programs.
Andrew also served in various roles at Q1 Labs (now IBM), including Engineering Manager, Product Manager, and finally as the Program Manager responsible for the entire portfolio of third-party technology partner relationships.
He was honored with the title of Security Thought Leader in May 2008 by the SANS Institute; named an IT Knowledge Exchange blogger of the week in June 2009; listed as one of the 10 ‘Infosec Folk to Follow on the Twitters’ by Matthew Grant in November 2010; listed as one of the Most Powerful Voices in Security by SYS-CON Media’s Jim Kaskade in September 2011; named one of Tripwire Inc.’s Top 25 Influencers in Security in December 2011; named one of the Top Chief Security Officers (CSOs) to Follow on Twitter by CEOWORLD Magazine in April 2014; named one of the 100 DevOps leaders, enthusiasts, and experts you should follow today by TechBeacon in September 2015; and named one of the World’s Top 100 IT Security Influencers and one of the Top 50 Tech Leaders by CISO Platform in December 2018.
Andrew was also presented with the Lethal Forensicator Coin by The SANS Institute at the SANS 2010 What Works in Forensics and Incident Response Summit – awarded to those who demonstrate exceptional talent, contributions, or helps to lead in the digital forensics profession and community. He is a sought-after speaker and has presented at numerous international security conferences.
He is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine. Andrew also has written articles for several trade publications such as Forbes, Information Week Magazine, DarkReading and Network Computing on various security-related topics.