About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

Suggested Blog Reading – Friday May 25th, 2007

There’s just something about having to get up at 4:15am to get on a plane that kind of ruins your day.

Here’s the list:

Enhanced Operating System Identification with Nessus – I’m in favor of finding better ways to profile OS’…how about you?

Tenable’s Research group recently introduced a highly accurate form of operating system identification. This new method combines input from various other plugins that perform separate techniques to guess or identify a remote operating system. This blog entry describes this new process and shows some example results.

Prefetch Analysis – I’ve never known so much about something I previously knew nothing about 🙂

I’ve seen a couple of posts recently on other blogs (here’s one from Mark McKinnon) pertaining to the Windows XP Prefetch capability, and I thought I’d throw out some interesting stuff on analysis that I’ve done with regards to the Prefetch folder.

Essential Bluetooth hacking tools – I can honestly say that I haven’t run into a situation where I’ve had to test and/or analyze Bluetooth devices yet. At least I now know where to get some tools.

If you are planning to gain a deeper understanding of Bluetooth security, you will need a good set of tools with which to work. By familiarizing yourself with the following tools, you will not only gain a knowledge of the vulnerabilities inherent in Bluetooth-enabled devices, but you will also get a glimpse at how an attacker might exploit them.

VMware Security and NAT Problems – This is the first I’ve heard of such problems.

As helpful as VMware is I can honestly say that it has caused me quite a bit of grief lately. My feelings of frustration have mainly been my fault but tonight I also received a warning to update to the latest version of VMware Workstation. And when Ed Skoudis tells you to update immediately I listen, as should you.

The problems with VMware started on Tuesday when the culmination of the SANS Hacker Techniques, Exploits & Incident Handling started. During the last week of this SANS @Home course the whole class is given access to a virtual lab which contains a vulnerable environment for the hacking. As it is a training situation Ed provides detailed instructions on how the students are supposed to set up their attacking systems. I spent the better part of that night and the next night hacking with a team and individually. I thought that I would do really well but in the end I just could not get anything to work correctly.

Recovering a FAT filesystem directory entry in five phases – Good article to cap things off.

This is the last in a series of posts about five phases that digital forensics tools go through to recover data structures (digital evidence) from a stream of bytes. The first post covered fundamental concepts of data structures, as well as a high level overview of the phases. The second post examined each phase in more depth. This post applies the five phases to recovering a directory entry from a FAT file system.

Andrew Hay