About Andrew Hay
Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company’s comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.
Prior to LEO, Andrew served as the Chief Information Security Officer (CISO) at DataGravity, Inc., where he advocated for the company’s total information security needs and is responsible for the development and delivery of the company’s comprehensive information security strategy. Before that, he served as the Director of Research at OpenDNS where he led the research efforts for the company. Prior to joining OpenDNS he was the Director of Applied Security Research and Chief Evangelist at CloudPassage, Inc.
Before rejoining the vendor world Andrew served as a Senior Security Analyst for 451 Research’s Enterprise Security Practice (ESP) providing technology vendors, private equity firms, venture capitalists and end users with strategic advisory services – including competitive research, new product and go-to-market positioning, investment due diligence and tactical partnership, and M&A strategy. Through his work at 451 Research, Andrew was instrumental in securing tens of millions of dollars in equity investment for numerous security product vendors. He is a veteran strategist with more than a decade of experience related to endpoint, network and security management across various product sectors, including security information and event management (SIEM); log management; deep packet inspection (DPI); security analytics; vulnerability management; penetration testing; intrusion detection and prevention (IDS/IPS); firewall; threat intelligence; application whitelisting; network and host forensics; incident response; and governance, risk and compliance (GRC).
Andrew has worked in the Information Security Office (ISO) of the University of Lethbridge, in Alberta, Canada and, prior to that, at a privately held bank in Hamilton, Bermuda; in each position, he was responsible for strategically designing, driving and executing the goals and objectives of the organization’s information security programs. Prior to that, Andrew served in various roles at Q1 Labs, including Engineering Manager, Product Manager and finally as the Program Manager responsible for the entire portfolio of third-party technology partner relationships.
Awards and Honors
Andrew was honored with the title of Security Thought Leader in May 2008 by the SANS Institute; named an IT Knowledge Exchange blogger of the week in June 2009; listed as one of the Most Powerful Voices in Security by SYS-CON Media’s Jim Kaskade in September 2011; named one of Tripwire Inc.’s Top 25 Security People to Follow in December 2011; and named one of the Top Chief Security Officers (CSOs) to Follow on Twitter by CEOWORLD Magazine in April 2014.
Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.
Andrew is a sought after speaker having spoken, keynoted, or served on a panel at conferences such as RSA Security Conference, Blackhat, SxSW Interactive, ISC2 Congress, Infosecurity Europe, SOURCE Boston, SOURCE Barcelona, SANS Digital Forensics and Incident Response (DFIR) Summit, Security BSides San Francisco, Security BSides Boston, Security BSides Ottawa, Security BSides Las Vegas, Security BSides Los Angeles, Countermeasure, PuppetConf, ChefConf, BayThreat, CloudBeat, OpenStack Summit, HTCIA Conference, AccessData User Conference, Americas Growth Capital West Coast Infosec and Technology Growth Conference 2011, BrightTalk Log Management Summit 2010, and others.
In addition to traditional media outlets, Andrew has appeared on podcasts such as the Data Security Podcast, Forensic4Cast, SecuraBit, PaulDotCom, Security.Exe, Beyond The Perimeter, The Risk Hose, Security Roundtable and Tenable Network Security. He was formally the founder and cohost of the LogChat podcast with Dr. Anton Chuvakin.
Andrew is also an accomplished author, having written three books for Syngress Publishing, an Elsevier imprint, one for The OpenStack project, and a number of research reports.