About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

Blogs I Read: PCI Compliance Demystified

I’m going to start a new section of my blog in which I detail some of the blogs that I read and the reasons I keep going back to them.

I’m going to start with PCI Compliance Demystified. From the ‘About’ page:

This blog is devoted to demystifying the PCI DSS compliance process and linking you with as many resources as we can. The goal is to decentralize the information and provide a better ROI to your company or your clients.

I stumbled across this blog while searching for information on PCI compliance as it was something that was, and still is, a foggy mess to me. The blog accepts questions from anyone who wants to know more about PCI regulations or requires clarification.

– One of the best sites out there for PCI information as the authors are trying to inform rather than sell to you
– Accepts questions from readers and posts the responses for all to learn from
– Provides a phone number where you can leave voice mail questions
– Frequently updated with quality information
– Fantastic resource page with links to additional information: http://pcianswers.com/resources/

– Some knowledge of PCI, although not required, is helpful in understanding the content

5stars– A fantastic site that every security professional should add to their RSS list even if they don’t deal with PCI on a regular basis

Andrew Hay