Andrew Hay is an information security industry veteran with more than 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company’s comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.
As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocated for the company’s total information security needs and was responsible for the development and delivery of the company’s comprehensive information security strategy.
Andrew was formally the Director of Security Research at OpenDNS where he led the research agenda and efforts for the company. Andrew was instrumental in raising the profile of the company and its research prior to its acquisition by Cisco Systems in 2015. Prior to joining OpenDNS he was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc. Prior to that, Andrew served as a Senior Security Analyst for 451 Research’s Enterprise Security Practice (ESP) providing technology vendors, private equity firms, venture capitalists and end users with strategic advisory services – including competitive research, new product and go-to-market positioning, investment due diligence and tactical partnership, and M&A strategy. Through his work at 451 Research, Andrew was instrumental in securing tens of millions of dollars in equity investment for numerous security product vendors. He is a veteran strategist with more than a decade of experience related to endpoint, network and security management across various product sectors, including security information and event management (SIEM); log management; deep packet inspection (DPI); security analytics; vulnerability management; penetration testing; intrusion detection and prevention (IDS/IPS); firewall; threat intelligence; application whitelisting; network and host forensics; incident response; and governance, risk and compliance (GRC).
Before joining 451 Research, Andrew worked in the Information Security Office (ISO) of the University of Lethbridge, in Alberta, Canada and, prior to that, at a privately held bank in Hamilton, Bermuda; in each position, he was responsible for strategically designing, driving and executing the goals and objectives of the organization’s information security programs. Andrew has also served in various roles at Q1 Labs (now IBM), including Engineering Manager, Product Manager and finally as the Program Manager responsible for the entire portfolio of third-party technology partner relationships.
Andrew was honored with the title of Security Thought Leader in May 2008 by the SANS Institute; named an IT Knowledge Exchange blogger of the week in June 2009; listed as one of the 10 ‘Infosec Folk to Follow on the Twitters’ by Matthew Grant in November 2010; listed as one of the Most Powerful Voices in Security by SYS-CON Media’s Jim Kaskade in September 2011; named one of Tripwire Inc.’s Top 25 Influencers in Security in December 2011; named one of the Top Chief Security Officers (CSOs) to Follow on Twitter by CEOWORLD Magazine in April 2014; and named one of the 100 DevOps leaders, enthusiasts, and experts you should follow today by TechBeacon in September 2015.
Andrew was also presented with the Lethal Forensicator Coin by The SANS Institute at the SANS 2010 What Works in Forensics and Incident Response Summit – awarded to those who demonstrate exceptional talent, contributions, or helps to lead in the digital forensics profession and community. He is a sought-after speaker and has presented at numerous international security conferences.
Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine. Andrew also has written articles for several trade publications such as Information Week Magazine, DarkReading and Network Computing on various security-related topics.