About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

Attained the GIAC Incident Handler Designation!

GCIHWell I finally did it, I passed both of my GIAC Certified Incident Handler (GCIH) exams with 89% on each!

This was the first time I had a chance to use the SANS OnDemand training method and I have some mixed feelings about it:

  • Very Portable – while out of the office, I was able to access the material when I needed it. This was very handy while waiting for my Red-eye flights back from California to the East Coast.
  • MP3’s For Download – SANS makes the MP3’s available for download which makes flights go by quickly and allows me to learn while in cramped quarters (In case you don’t know I’m 6″4 and don’t travel well on Airplanes designed for 1950’s sized passengers).
  • End of Section Tests – each section ends with a test to ensure that you know the content prior to moving on. This really prevents you from blowing through topics that you THINK you know.


  • No Dead Trees – I am the kind of person who like to be able to have the material printed out and in hand. I tend to absorb it better when reading old fashioned printed books. I wish that they’d include them in the cost of the On Demand course.
  • Presentation – I know for a fact that these On Demand sessions are SANS’ first crack at self-paced training. They are quite rough around the edges and do require some added bells and whistles to keep my interest. Perhaps they should invest in a different Web Based Training package that doesn’t look like it’s optimized for Netscape 4
  • Accuracy – not of the content but the way it is presented to the user. There was one section that was not covered and I would not have been able to pass the test at the end of the section had I not ordered the books (and used them as reference). I emailed in, as per their process, and it was fixed several days later. Had I not had the books I would not have been able to progress to the next section and 7 days would have felt like an eternity.

Anyone else have similar experiences with this method from SANS?

Andrew Hay