About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

These three day work weeks are fantastic! I've taken vacation tomorrow just to chill out before I head to Houston and boy am I looking forward to it. Here's the list: Storage Array for your Splunk datastore - Oh how I wish I had one of these. New Hotness: (Sun's new "Low Cost Array" 25x0 series) Announcing the Information Protection Assessment Toolkit (IPAT) - I suspect, based on the presenter, that this would be a very good program. The Information Protection Assessment Toolkit is a process that helps you identify security issues and develop an information protection plan. It is the first step in...

Read More

I've got everything booked for my trip to Houston and I'm looking forward to the BBQ I plan on enjoying :P Here's the list: Soloway: Another spammer bites the dust - Chalk one up for the good guys! A notorious spammer once sued by Microsoft was arrested in Seattle this morning, a week after a federal grand jury indicted him under seal for allegedly illegal — and prolific — spamming. NIST readies guidance on IT security assessments - If you've got comments you have until July 31st to make them. The National Institute of Standards and Technology has finished the third and possibly final draft...

Read More

I'm back home after my NSM presentation in Ottawa only to find out that I'm heading to Houston, TX on Sunday for a few days. Here's the list: Find vulnerable Windows wireless drivers - Maybe it's a good time to audit your own laptop :) As more and more businesses move from legacy wireless security models, attackers are looking for new techniques to exploit wireless networks. One technique that is rapidly gaining popularity is to exploit vulnerabilities in wireless network drivers. Taxonomy of glitch and side channel attacks - Very interesting article. There are a number of things to try when developing such attacks, depending...

Read More