
Information Security Analyst at Capital G Ltd.
Bermuda

S. M. Andrew Hay is a security analyst at Capital G Ltd. in Hamilton, Bermuda. Prior to that he worked as the Integration Services Product and Program Manager for Q1 Labs Inc. He has extensive experience in enterprise network, firewall, VPN, intrusion (IDS/IPS/HIPS), and network security management (NSM/SIM/SEM/NBA) technologies and is also a strong advocate of security training, certification programs, and public awareness initiatives.
In February 2008 Andrew released his first book entitled The OSSEC Host-based Intrusion Detection Guide (Syngress, ISBN 9781597492409). He also contributed to Nagios 3 Enterprise Network Monitoring (Syngress, ISBN 9781597492676) and has just completed the Nokia Firewall, VPN, and IPSO Configuration Guide (Syngress, ISBN 9781597492867).
Presenter
· Network Security Monitoring and Management Solutions, Next Generation Networks Technical Awareness Session (TAS), in Gatineau, Quebec, Canada - May 2007
· Enterprise Log Analysis with Q1 Labs QRadar and OSSEC, iTrust and PST Conferences on Privacy, Trust Management and Security in Moncton, New Brunswick, Canada - July 2007
· Security Round Table panelist: Topic “Do we have privacy anymore?” - September 2007 - http://preview.tinyurl.com/66b4t8
· SANS Webcast entitled Separated at Birth – “Identity and Access Reunited!” - September 2007 - http://preview.tinyurl.com/4nnbgj
· “Lunch & Learn” on Enterprise Log Management for Incident Handlers at SANS Network Security 2007 at Caesars Palace in Las Vegas, Nevada - September 2007
Interviews
· Interviewed by Stephen Northcutt of The SANS Institute on Why Certification Matters - July 2006 - http://preview.tinyurl.com/3vzjk5
· Interviewed for IT Business article entitled Even second helping of Bot Roast “won’t eliminate cybercrime” to provide input on the crackdown of 8 botnet herders and their subsequent arrest – December 2007 - http://preview.tinyurl.com/6hx3kz
Twitter: http://www.twitter.com/andrewsmhay
Holds numerous industry-leading certifications including the CCNA, CCSA, CCSE, CCSE NGX, CCSE Plus, Security+, GSEC, GCIA, GCIH, SSP-MPA, SSP-CNSA, NSA, RHCT, RHCE, and CISSP.
(Privately Held; Banking industry)
September 2008 — Present (11 months)
Develop plans to safeguard computer files and meet emergency data processing needs. Co-ordinate the implementation of computer systems plans with other people in the organization and outside vendors. Assist in implementing legislated information protection requirements (for example, privacy requirements). Test systems to make sure security measures are working. Modify security files to change user permissions, correct errors or install new software. Consult with other computer specialists and organizational personnel about issues such as information access requirements and programming changes. Monitor the use of information and regulate access to safeguard it. Write reports to document computer security and emergency measures policies, procedures and test results. Conduct compliance audits to ensure that security standards and policies are being followed.
(Computer & Network Security industry)
January 2007 — Present (2 years 7 months)
www.andrewhay.ca
(Privately Held; Computer & Network Security industry)
February 2008 — September 2008 (8 months)
Responsible for the Integration Services portfolio of deliverables at Q1 Labs. Establish relationships with 3rd party vendors to create product requirements documentation for new and exciting integration vectors. Research network, security, application and vulnerability technologies for integration into QRadar, the company’s flagship network security management solution.
(Privately Held; 1-10 employees; Computer & Network Security industry)
January 2004 — May 2008 (4 years 5 months)
Established in 2004, Koteas Corporation is a leading provider of end to end security and privacy solutions for the small, medium, and enterprise (SME) spaces.
Our desire is to build trust between us and our clients by tailoring solutions to meet organizational and infrastructural needs. Our highly trained staff has several years' experience in information system security, risk management & analysis, business continuity, and auditing.
With a worldwide consultant base, Koteas Corporation can provide you with the security products and solutions you need to defend your most important asset -- your business.
(Privately Held; Computer & Network Security industry)
November 2006 — February 2008 (1 year 4 months)
Led a team of software developers who were responsible for integrating 3rd party log and vulnerability data into the QRadar SIEM solution.
(Privately Held; 51-200 employees; Computer & Network Security industry)
February 2005 — November 2006 (1 year 10 months)
- Supported the creation, customization, and optimization of clients' network security policy using Q1 Labs QRadar
- Assisted in the development, testing, and integration of events into QRadar from 3rd party devices
- Provided internal training to sales engineers in the field on above 3rd party products
- Worked with management to develop call center best practices
- Acted as Project Manager in selection of enterprise call center ticketing system
- Assisted sales engineers with installs at customer sites in various cities worldwide
- Managed several key customer accounts to ensure service level agreements and issues were met in a timely manner
- Interfaced with VP and C level executives to ensure customer and company issues were properly addressed
- Lead technical trainer, instructional designer, subject matter expert, and content creator for 3-tiered training program
(Public Company; 10,001 or more employees; NOK; Computer & Network Security industry)
March 2002 — January 2005 (2 years 11 months)
- Supported the creation, customization, and optimization of clients' network security policy using Check Point FireWall-1 / VPN-1 (4.1 and NG) and Check Point Provider-1
- Obtained in-depth knowledge of routing, switching, and interior / exterior gateway routing protocols as well as virtual private networks, encryption algorithms, and general best-practice security issues
- Supported clients' IPSO, Sun Solaris, Windows 2000/XP, Mac OS, and SecurePlatform operating systems and their interaction with Check Point FireWall-1 / VPN-1 (4.1/NG) policies and rule bases
- Supported implementation, configuration and optimization of Nokia One Business Server (NOBS), Nokia Message Protector (NMP), Nokia Secure Access System (NSAS), and Nokia Horizon Manager (NHM)
- Head of Small Office product training for Americas TAC
- Extensive knowledge of 3rd party security devices and competing products
(Public Company; 10,001 or more employees; Computer Software industry)
November 2000 — November 2001 (1 year 1 month)
- Provided second level support for the Clarify Tool suite of applications, an advanced Customer Relationship Management (CRM) application to communications companies and other enterprise sectors.
- Point of contact between developers and clients
- Worked in HP-UX, Sun Solaris, Windows 95, 98, NT, 2000 environments
- Installed and maintained Apache Web Server, PHP, and WinMySQL database for team
(Privately Held; 51-200 employees; Information Technology and Services industry)
August 2000 — November 2000 (4 months)
- Provided networking, internetworking, and connectivity support for Magma Communications Corporate Clients. Supported workstations, servers, and networks located both off-site and in Magma’s Class A Internet Data Facility. Also provided Web Development support for Magma’s Corporate Clients.
- Provided networking, internetworking, and connectivity using xDSL, Cable, Dial-Up, ATM, Frame Relay, and ISDN technologies
- Provided support for Cisco, Nortel, Alcatel, and Linksys routers, gateways, and hubs
- Implemented manual code changes for clients' web sites in critical, time-sensitive situations using HTML, ColdFusion, PHP, JavaScript
- Managed Network Monitoring with Media House IP Monitor application
- Managed Apache Web Server, Zeus Web Server, POP3, SMTP, Linux, Unix, RealServer, MS SQL, Win NT Server, Win 2000, and DNS with Bind 8
(Public Company; 10,001 or more employees; CVG; Information Technology and Services industry)
March 1999 — August 2000 (1 year 6 months)
- Responsible for all customer escalated requests
- Responsible for transfer of knowledge to junior technicians
- Directly involved in new hire orientation
- Responsible for all network problem reporting and resolution procedures
- Integral part of the following contracts:
  - iStar Internet (now PSI Net)
  - Rogers@Home (now Rogers High-Speed)
  - Road Runner Communications
- Awarded two in-house Technical Certifications in:
  - Windows 3.1, 95, 98, NT
  - MS-DOS
  - MacOS 7.51-X, AppleTalk
  - BootP, DOCSIS Standards
  - Cable Modem Technology and Structure
  - Network Architecture, Design, Connectivity
  - UNIX
  - ATM, Frame Relay, ISDN, xDSL
  - Citrix
Securing Windows 2009 — 2009
The Securing Windows track at SANS (SEC505) is a comprehensive set of courses for Windows security architects and administrators. It tackles tough problems like Active Directory forest design, how to use Group Policy to lock down desktops, deploying a Microsoft PKI and smart cards, pushing firewall and IPSec policies out to every computer in the domain, securing public IIS web servers, and PowerShell scripting.
Hacker Techniques, Exploits & Incident Handling 2006 — 2006
This course addresses the latest cutting-edge insidious attack vectors and the "oldie-but-goodie" attacks that are still so prevalent, and everything in between. This course includes a time-tested, step-by-step process for responding to computer incidents; a detailed description of how attackers undermine systems so you can prepare, detect, and respond to them; and a hands-on workshop for discovering holes before the bad guys do. Additionally, the course explores the legal issues associated with responding to computer attacks, including employee monitoring, working with law enforcement, and handling evidence.
This challenging course is particularly well suited to individuals who lead or are a part of an incident handling team. Furthermore, general security practitioners, system administrators, and security architects will benefit by understanding how to design, build, and operate their systems to prevent, detect, and respond to attacks.
Intrusion Detection In-Depth 2006 — 2006
The emphasis of this course is on increasing students' understanding of the workings of TCP/IP, methods of network traffic analysis, and one specific network intrusion detection system (NIDS) - Snort. This is not a comparison or demonstration of multiple NIDSs. Instead, the knowledge provided here allows students to better understand the qualities that go into a sound NIDS and the whys behind them, and thus, to be better equipped to make a wise selection for their site's particular needs.
(not quite), Computer Science, 1997 — 2000
Left in Fall of 1998
security, networking, blogging, incident handling, linux, unix, forensics, intrusion analysis, rugby
ISSA, Whitehats.ca, The SANS Mentor Program, The Security Catalyst Community, OSSEC LinkedIn Group, PCI Compliance LinkedIn Group, GIAC LinkedIn Group, Log Analysis Professionals Group, The Ethical Hacker Community
Cisco Certified Networking Associate (CCNA)
Stay Sharp Program - Computer and Network Security Awareness (SSP-CNSA)
Stay Sharp Program - Mastering Packet Analysis (SSP-MPA)
Check Point Certified Security Administrator (CCSA)
Check Point Certified Security Engineer (CCSE)
Check Point Certified Security Engineer NGX (CCSE NGX)
Check Point Certified Security Engineer Plus (CCSE Plus)
CompTIA Security+
GIAC Security Essentials Certification (GSEC)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
Nokia Security Administrator (NSA)
Red Hat Certified Technician (RHCT)
Red Hat Certified Engineer (RHCE)
Certified Information Systems Security Professional (CISSP)