h1

Infosec Analyst Q&A: Andrew Hay, 451 Research

March 30, 2012

By Rose Ross, @Rose_at_O

Andrew Hay is a Senior Security Analyst for 451 Research‘s Enterprise Security Practice (ESP).

Q. Tell us about yourself and 451 Research.

451 Research is a niche, focused industry analyst firm; it’s been around for quite a few years now and has an international presence: London, New York, Boston and San Francisco.  We’re also aiming for other locations too. My role at 451 is as part of the three-person Enterprise Security Practice (ESP), along with Wendy Nather and Steve Coplan, and I’m physically located in southern Alberta, Canada.  The ESP caters to the evolving world of Information Security and the companies working within it. The team aims to provide analysis that helps to inform those interested in new and innovative security technologies.

The practice serves a lot of our existing vendor clients, but, obviously, not from the same angle.  We spend a great deal of time with venture capitalists and investment banks; we find out what they are they doing that is innovative, whether they need additional funding, whether there are plans to go public, or whether more rounds of funding are required.  There’s a lot of work on strategy, on refocusing messaging, and on roadmaps.

Unlike many other analysts, Wendy and I are both practitioners.  I’ve worked in the information security office for a university and a bank in Bermuda, and been a product manager at Q1 Labs.  I cut my eye teeth on various technologies: Security Information & Event Management (SIEM) solutions, log management, IT Governance, Risk Management and Compliance (IT GRC), intrusion detection and prevention, end point security, application white-listing, forensics, incident response, vulnerability management, penetration testing, mobile security, big data security, nation-state cyber-security and critical infrastructure protection.

Q. That’s quite a list.  With such broad experience, what companies interest you now?

Right now I’m into mobile device security.  Many years ago I worked for Nokia, and I also managed a firewall for a telco.  Where mobile devices and security are concerned I think that EU telecommunication providers will experience more pain more than, say, North America.

I’m also interested in Big Data, because with Big Data comes Big Data Security.  Traditional SIEM products and protocols were simply not designed to handle the levels or types of movement, mobility, access, social media or network access points that are commonly required now, so it’s a sector in motion.

Q. What are the most important recent developments in security?

The key thing now is vendors’ ability to integrate with competitors and complementary vendors – open integration points enable customers to avoid having all of their eggs in one basket.  This ensures vendors need to price competitively, to innovate, and enable customers to adopt a best-of-breed strategy, in the knowledge that everything will fully integrate.

Q. What is your favourite piece of technology?

Definitely SIEM (security information and event management).  I’m fascinated by how it has evolved so far and by how it ill have to evolve over the coming years.

Q. What is the best way to pitch a company to you?

This goes out to everyone: contact the client services team.  A common mistake is to just email analysts directly, but for us it’s harder to filter through what is relevant or what someone else might be covering.  The best way to kick-off a relationship is to grab me at a conference and introduce yourself.  At the moment I seem to be speaking to a lot of Israeli security companies; it is a boom sector there.

 Q. Do you have any tips for people who brief you?

Oh yes.  I like to see a copy of the slides before the briefing so I can listen to the presenter with my full attention.  And, please, sales pitches don’t work well on anyone: give me the business overview and get into the weeds where we can get dirty.  I prefer to talk to the CEO or CTO because they normally know what I want to know, and have the authority to talk about it.

Q. Which conferences do you go to?

I travel to all the major conferences: RSA comes to mind, and Black Hat in Las Vegas as well.  I also submit talks to other conferences, like Security BSides in San Francisco and London, and I’ll be at Countermeasure 2012 in Ottawa in October.  I’ll also be at InfoSecurity Europe in London.

Q. Which of those do you enjoy the most?

I think RSA – this marks the first meeting of the year and the security bloggers party, and all of my collective friends hang out.  It’s very sociable but, really, there are too many parties!  The BSides conference offers very fresh perspectives and with the co-location it is like I get the best of both worlds.

Q. Do you have a favourite restaurant or meal?

I’m a big fan of BBQ, but I’m equally at home in a pub.  I’m more fish-and-chips-and-a-pint than Michelin star.

Q. What are your interests away from work?

It used to be dominated by rugby, but I can’t play any more.  I played provincial rugby in Ottawa, eastern Ontario, and in Bermuda for the local police club.  I also refereed high school rugby. I’m also a big movie buff, mostly action and sci-fi, but comedy is probably my favourite.

Q. Do you have a “claim to fame”?

Well, I was voted the #1 Sexiest Geek in information security 2010 – does that count?  I can’t believe I’ve told you that. Is this going to be published anywhere?

Q. Finally, what would be your dream press trip?

One that involves tickets for annual Army vs Navy rugby match at Twickenham.  That’s April 28th 2012 – and I believe tickets are still available!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: