About Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Chief Information Security Officer (CISO) at DataGravity, Inc., he advocates for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy.

Andrew has served in various roles and responsibilities at a number of companies including OpenDNS (now a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.

Please vote for my BSidesSanFrancisco talk entitled "My Life on the Infosec D-List" by tweeting (I think that's a verb now) the following: I vote for "My Life on the Infosec D-List" by @andrewsmhay #BSidesSF http://bit.ly/BSidesSFtalks Abstract: People new to information security often find themselves wondering how to make a name for themselves in the industry. Andrew Hay has lived most of his career on the D-list but has worked hard to increase his status in the hopes of someday landing that coveted A-list position. Through this talk we'll discuss how to expand your circle of influence, how to build your personal...

Read More

Today's interview is with the Defender of the Commonwealth, ham radio twit, and surly security guy - Ben Jackson. Q: Tell us a little about yourself. I've always referred to myself as "just another geek from Boston" as we seem to have our fair share up here. I've lived in Massachusetts for all my life, the first 25 or so years in Lynn, about 20 miles north of Boston, and now in New Bedford, about an hour and a half south. My family bought our first computer in 1991 when I was 11 and I have been addicted since. When my family...

Read More

The results of a study show that the average cost of a data breach (based on 2009 data) is $204USD per exposed record. I often find it hard to value the data I'm protecting so this is really a good starting point to measure against. Report: http://www.encryptionreports.com/2009cdb.html Excellent writeup: http://www.scmagazineus.com/data-breaches-cost-organizations-204-per-record-in-2009/article/162259/ Highlights: Number of data breaches that were caused by malicious attacks and botnets doubled from 12 percent in 2008 to 24 percent in 2009. Data breaches caused by malicious attacks cost organizations 30 to 40 percent more on average than those caused by human negligence or by IT system glitches. 42 percent of all data breaches...

Read More