About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

I guess I forgot to post this earlier but on Saturday, May 10th I'll be presenting the keynote at SANS Toronto 2008 on Future Trends in Network Security with Rob Lee, Bryce Galbraith, Peter Giannoulis, Jason Lam, Dave Shackleford, Dr. Johannes Ullrich, Stephen Sims, and Guy Bruneau. When not presenting I'll be hanging out at the conference, talking with people, and defending my views on network security. If you're attending the conference then please pull me aside and say hello....

Read More

What do you foresee as the next “great-awakening” for network security? Will it be a breach of the national power grid? Perhaps a horrible botnet, worm, or virus infestation/outbreak? What about a surge in browser threats for desktops or mobile phones? Maybe even a disclosed national security breach by a foreign power? Please fill out the following survey (coordinated by Q1 Labs) to indicate what you think is next on the horizon - http://www.surveymonkey.com/s.aspx?sm=16FAHPNF3sHKXczECIGNaQ_3d_3d...

Read More

Recently, LendingTree announced that several former employees may have provided passwords to a handful of lenders which, in turn, allowed the lenders to access sensitive customer information between October 2006 and early 2008. The passwords allowed the lenders to access files that contained sensitive loan request data for LendingTree customers. The loan request data contained such sensitive information as names, addresses, email addresses, telephone numbers, Social Security numbers, and income and employment information. How was this breach discovered? LendingTree stated that: Our internal security uncovered this situation. We began an internal investigation and reported it to the authorities. We continue to assist...

Read More