About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

I was sent an advanced review copy of The The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win by co-author Gene Kim and I can honestly say that it was one of the most enjoyable books I've read in a long time. The novel, written by Gene Kim, Kevin Behr, and George Spafford, not only combines an interesting story with sound business practices, it also teaches the reader about risk evaluation, critical thinking, and how manufacturing processes can translate to IT operations, development, and, of course, DevOps. The characters in the book were easy to relate to...

Read More

Four chapters. You might think that with only four chapters the author could in no way write a book that covers Windows registry forensics. I was a bit skeptical at first too but was quickly proven wrong. I’ve known Harlan for a few years now and I know that his knowledge of the Windows registry is in the 99th percentile when compared to his peers. Do not think of this as a four-chapter book. Think of this as a continuation of the concepts that Harlan presented in Chapter 4 of his Windows Forensic Analysis DVD Toolkit, Second Edition. With only...

Read More

One of the contributors (Chris Blask – thanks Chris) gave me a copy of this book to review and I was very excited to start reading it. Unfortunately, this book did not deliver. The content was light and the filler content, to make the total page count appear impressive, felt artificially inflated. The first 3 chapters have little to nothing to do with SIEM implementation but rather with general security concepts that really add nothing to the book. Those chapters echo content presented within some of Shon Harris’ other publications and made me feel as though I was studying for...

Read More