About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

RSAC 2017 Ransomware Summit

RansomwareNobody likes to think about their company’s critical data being compromised and held for ransom. Unfortunately, this type of threat, dubbed ransomware, cannot be ignored. In the first quarter of 2016 alone, CNN projected that cybercriminals collected more than $200 million through ransomware attacks.


This would make ransomware a nearly $1 billion business annually, and it is growing quickly. This scale can be difficult to grasp, so how about an example that’s easier to identify with? In February of 2016, Los Angeles’s Hollywood Presbyterian Medical Center was hit with a ransomware attack. The attack lasted for four days before the hospital finally paid the ransom of $17,000 to get its network back. You may think, “$17,000? That doesn’t sound so bad.” Of course, the actual cost – downtime, delays, lost customers, etc. – was much worse: an estimated $11 million. Do I have your attention now?


When I approached the RSA Conference program team with the idea of holding a one day summit on ransomware at this year’s event, they jumped at the opportunity. As the result of long hours, careful planning, and a highly selective abstract review process, we have locked in our inaugural RSAC 2017 Ransomware Summit. With yours truly Andrew Hay as the host, attendees can expect a full day all about ransomware and its multifaceted implications across technical, policy, compliance and financial response. Sessions will discuss innovative research, present case studies on response and recovery to ransomware, explore combatting ransomware, and debate if — and when — you should pay the ransom. Speakers at the summit include:


  • Andrei Barysevich, Director of Advanced Collection, Recorded Future
  • Christiaan Beek, Head of Strategic Threat research, Intel Security
  • Michael Duff, CISO, Stanford University
  • David Formby, Ph.D. Candidate, Georgia Institute of Technology
  • Robert Gibbons, Chief Technology Officer, Datto
  • Jeremiah Grossman, Chief of Security Strategy, SentinelOne
  • Levi Gundert, Vice President of Intelligence and Strategy, Recorded Future
  • Anton Ivanov, Senior Malware Analyst in Kaspersky Lab, Kaspersky Lab
  • Neil Jenkins, Director of the Enterprise Performance Management Office (EPMO), Department of Homeland Security
  • Paula Long, CEO and Co-Founder, DataGravity
  • Raj Samani, CTO, EMEA, Intel Security
  • Joachim Suico, Threat Research Engineer, Trend Micro, Inc.
  • Candid Wüest, Threat Researcher, Symantec


Though I can’t detail every session, I do want to highlight a few of the sessions I feel attendees simply can’t miss. The first session of the day will be a panel entitled “Preparing for Ransomware” with Michael Duff of Stanford University, Adam Ely of Walmart, and Neil Jenkins from the Department of Homeland Security. This session will set the stage for the challenges of preparing for, and responding to, ransomware across various organizations and industry verticals.


A live hack will be demonstrated in “Out of Control: Ransomware for Industrial Control Systems” by Georgia Institute of Technology Ph.D. candidate David Formby. To illustrate the effects of ransomware on an industrial control system, this session will show the operational and physical harm implications resulting from the compromise of a popular programable logic controller (PLC). This may be the session that causes a restless sleep for some of our attendees.


Two important sessions will cover the underground economy that is actively being fueled by ransomware. In “Legitimate Business as Unwitting Accomplice of Underground Economy”, Andrei Barysevich and Levi Gundert of Recorded Future will explore the threat of encrypted data extortion from ransomware attacks and will quantify the extorted payment volume occurring on the Dark Web. In “A deep look into the Russian-speaking ransomware ecosystem”, Anton Ivanov from Kaspersky Lab will provide detailed analysis of the Russian-speaking criminal underground that empowers ransomware attacks all over the world.


The summit takes place on Monday, February 13, 2017 from 9:00 AM – 5:00 PM at Moscone West. Space will be limited so please reserve your seat as quickly as possible before it’s too late. In addition to learning from some of the best and brightest minds in the industry, I hope all attendees will share their own ransomware experiences, tips, and mitigation techniques with their peers throughout the day and the week of the RSA Conference.


I hope to see you at the summit!

Andrew Hay