About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

I figured it was time to update my Where's Andrew page and thought I'd do a quick post letting people know where I"m going to be over the next few months. If you're going to be at one of these events, please let me know and we'll catch up (or meet) over a pint or two: Wednesday, December 9th and Thursday, December 10th, 2009 - Presenting a briefing on the OSSEC HIDS with Daniel Cid at the SANS WhatWorks in Incident Detection Summit 2009 with Richard Bejtlich in Washington, DC. Tuesday, October 6th and Wednesday, October 7th, 2009 - Attending SecTor 2009...

Read More

Justin Foster, a fellow Canadian infosec guy, brought up an interesting point today in a tweet he sent out: I remember the good old days when a cloud was something we drew to represent the Internet between two points. *Sigh* He's also responsible for the following diagram for those of you who are visual people: "Cloud" is one of those marketing terms that I can't stand because it is now applied to absolutely everything out on the Internet AND in data centers. In my day we called those areas DMZ and those vendors Application Service Providers (ASPs)...

Read More

I honestly believe that my circle of friends are smart enough to recognize a bad thing when it comes up. That being said, I have always had my doubts about the average person. Luckily my faith has been somewhat restored based on this article stating that someone has been sending unsolicited laptops around to to United States Governors whose offices, as detailed in the article, have promptly contacted the FBI to investigate. As I'm sure you would expect the FBI isn't too happy about it. From the article: The mystery began in West Virginia earlier this month when Gov. Joe Manchin’s...

Read More