About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

I've got another new CoOp student starting today. That brings my team up to 8 people in total (including two CoOp students). Everything at work is finally starting to fall into place :) Here's the list for today: Intro to hackernomics - I wonder if this term will make it into the next Webster's version? Hackernomics (noun, singular or plural): A social science concerned with description and analysis of attacker motivations, economics and business risk. It is characterized by five fundamental laws and eight corollaries. New approaches to malware detection coming into view - Good idea of what's coming down the pipe. The...

Read More

I went to my first HTCIA meeting last night and got to hear an interesting presentation on "The Importance of E-Mail Preservation in Litigation". I'm not sure if I can post it or not but I'll find out. Here is today's list: Social Engineering Gets a Big Diamond Heist It just goes to show, sometimes the simple things are the most effective. A box of chocolates can defeat all the most hi-tech security systems if you add a little charm. Optical link hacking unsheathed - I guess my Windows NT 4 networking books were wrong :) Instead of breaking a fibre and installing a...

Read More

The good people at Syngress, with the help of Harlan Carvey and Jeremiah Grossman, have sent me too new books to review. I can't wait to tear into both of these titles! Windows Forensic Analysis Including DVD Toolkit From Syngress: One thing that many computer forensic examiners have noticed is an over reliance by investigators on what forensic analysis tools are telling them, without really understanding where this information is coming from or how it is being created or derived. The age of “Nintendo forensics” (i.e., loading an acquired image into a forensic analysis application and pushing a button) is over. As analysts...

Read More