About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

This week is no better than the last. Hopefully I'll be able to get these posts back on track shortly. Here is the list: Virtualized rootkits - Part 1 / Virtualized rootkits - Part 2 - Interesting articles on virtualized rootkits (a rather hot topic pre- and post-Blackhat) There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof of concept invisible rootkit, while a team made by three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her that there is not an "invisible" rootkit, and...


When I first received this book from Syngress I was very excited. I knew nothing about PCI compliance -- other than it was a big-ticket item and everyone processing Visa transactions was affected in some way because of it. I can honestly say that I tore through this book and didn't put it down until I reached chapter 13. I was completely wrapped up in it as it was something I knew nothing about and wanted to know more! Chapters 1 through 3 introduce you to the concepts behind PCI compliance including what it is and who needs to comply....


Man, what a week so far. It's been so busy that I don't have a moment to breathe. Here is the list: CSFA Test Vouchers - You still have to make your way there but the promise of free vouchers might make it worth your while. NewsCyberSecurity Institute will be giving away five vouchers for the CyberSecurity Forensic Analyst certification. The vouchers will be good through 2008. Publication of Hachoir project version 1.0 - Something to check out. Hachoir is a framework for binary file manipulation: file format recognition, metadata extraction, searching files in any binary stream (forensics), viewing file content with human representation, etc....
