About Me – Andres Andreu – Cybersecurity Leader


My career has spanned federal government service, corporate America, global consulting, the startup world, the cybersecurity product space, and executive advising.

I am a Father of four, Husband, Technologist (Cybersecurity / Software), Inventor, Judoka, Writer and an Artist. I suppose that makes me sort of complex even though I don’t feel complex.

Linkedin: Andres Andreu, CISSP-ISSAP, QTE

CISSP – Certificate
CISSP-ISSAP – Certificate
Boardroom Certified Qualified Technology Expert – Certificate

Some Publications

Author

  • 11/2024 – “The CISO Playbook”, CRC Press, ISBN: “978-1-032-76207-4” – link
  • 7/2024 – “Cybersecurity Can Be a Businesses Enabler” – BankInfo Security (ISMG) – link
  • Fall 2022 – “Through the Lens of a CISO” – United States Cybersecurity Magazine – link
  • 8/2022 – “Protecting Critical Space Assets from Cyber Threats” – Education Technology Insights – link
  • 3/2021 – “System and methods for automated computer security policy generation and anomaly detection”, International Granted Patent WO2020069367A1 – link, link
  • 1/2020 – “Operational technology Security” – Elsevier’s Network Security Journals – link
  • 3/2019 – “Method and system for data security via entropy and disinformation based information dispersal”, US Published Patent US20200193035A1 – link, link
  • Fall 2019 – “A Paradigm Shift in Data Security” – United States Cybersecurity Magazine – link
  • 7/2019 – “Entropy, disinformation and obfuscation: A paradigm shift to protect your crown jewels” – link
  • “Salted Hashes Demystified” – link
  • 3/2008 – “Cracking LDAP Salted SHA Hashes” – Hakin9 Magazine – link
  • 5/2007 – “Fuzzing XML” – Hakin9 Magazine (5/2007 issue) – link
  • 9/2006 – Technical Editor of “Webster’s New World Hacker Dictionary”, Wiley, ISBN: “978-0-470-04752-1”
  • 6/2006 – “Professional Pen Testing for Web Applications”, Wiley/Wrox Press, ISBN: “978-0-471-78966-6”

Contributing Author

  • 6/2024 – “97 Things Every Application Security Professional Should Know”, O’Reilly Media, ISBN: “978-1-098-15217-8” – link, cover
  • 7/2022 – “A CISO’s Quick Guide to the Boardroom” – Cybersecurity Collaborative – link
  • 11/2021 – “Ensuring DevOps Supply Chain Integrity” – Cybersecurity Collaborative – link
  • “Foresight review of cyber security for the Industrial IoT” (University of Oxford) – link
  • “Ground Truth Competency Assessment for Smart Grid Cyber Security” – link

Featured in

  • 8/2024 – “Egos vs Expertise: The Cybersecurity Divide”, The CXO Secrets (EDS) – link
  • 6/13/2024 – “Managing AI Risks in Corporate Workflows”, AIToday (ISMG) – link
  • 6/12/2024 – “The Effective Pragmatic Security Leader”, Episode #14 – TechCompass – link
  • 11/27/2023 – “Balance and the Human Quality in Cybersecurity”, Episode #6 of The Forgecast – link, link
  • 10/5/2023 – “Navigating a Challenger Cybersecurity Company’s Product to Customers”, Episode 42 of MKG Marketing – link
  • 9/5/2023 – “Hiding Inside Devices: Unveiling Vulnerabilities in Finance, Retail, and Logistics”, Phosphorus IoT Security podcast – link
  • 6/28/2023 – “Episode 2 – Andres Andreu – The role of Art and Judo in his Successful Career in Cybersecurity”, The Storm and the Light – a podcast by Oxeye – link
  • The first edition of “The Modern CISO Network: Board Book”, Lacework (6/2023) – link
  • “RSAC 2023 Special Edition Campfire Chats – Part 2”, The Cyber Ranch Podcast (6/2023) – link
  • “Cybersecurity as an enabler sounds great in theory but is very difficult to achieve in real world practice” (6/2023) – link
  • “RSAC 2023 Special Edition Campfire Chats – Part 1”, The Cyber Ranch Podcast (5/2023) – link
  • “Grit with Andres Andreu”, Barcode Podcast (3/2023) – link
  • “How 2U Inc. Is Fortifying Its Systems and Solutions Designs”, CIO.inc / Information Security Media Group (ISMG) (3/2023) – link
  • “Creating the Safest Learning Environment for the Pupils, Instructors, & Partners”, Digital First Magazine (12/2022) – link, link
  • “2U’s Andres Andreu: Make the human relation possible through security”, SC Magazine (10/2022) – link
  • “Andres Andreu Employs the Judo Career Strategy”, Hispanic Executive (9/2022) – link
  • “Transforming and Securing Education Through Tech”, Cyber Magazine (9/2022) – link
  • “Master of Confidence, Vigilance, and Ease of Mind” (10/2021) – link
  • “The Observatory – United States, 2nd Edition” (2/2019) – link
  • “Bayshore Networks defends against ICS/SCADA malware attacks” – link
  • “The SCADA Patch Problem” – link
  • “Locate a Pin in a Haystack before the Customer Finds” – link
  • “Federation takes identity to the next level” – link
  • “Ogilvy Worldwide says OSS is OK” – link
  • “ID Management Gives Companies Control” – link
  • “Network management goes open source” – link
  • “Ogilvy Harnesses the Web for Its File Transfer System” – link

Some Accolades

Awards

  • 2024 – “Champion in Security: Education” (Portal26 @ RSAC) – link, pic1
  • 2023 – “CISOs Connect™ Top 100 CISOs (C100)” Award – link
  • 2023 – “Top 50 Information Security Professional Award” (OnConferences) – link, link, link
  • 2022 – “10 Best CISOs” (C Level Focus) – link
  • 2020 – Bronze at the “16th Annual Info Security PG’s 2020 Global Excellence Awards”, Category: “Startup of the Year | Security Software” – link
  • 2019 – “CISO / Leader of the Week” – February 22, 2019 – (Cyber Startup Observatory) – link
  • 2009 – one of the Top 100 Premier IT Leaders (Computerworld) – link, pic

Cited

  • Acknowledged in Perl module Crypt::SaltedHash – link
  • Cited in Patent US8769637B2, “Iterated password hash systems and methods for preserving password entropy” – link
  • Cited in “An Overview of Penetration Testing” – link
  • Cited in “Model-Based Penetration Test Framework for Web Applications Using TTCN-3” – link
  • Cited in “Intrusion detection and prevention of web service attacks for software as a service: Fuzzy association rules vs fuzzy associative patterns” – link
  • Cited in “E-business Information Systems Security Design Paradigm and Model” – link
  • Cited in “Defending against XML-related attacks in e-commerce applications with predictive fuzzy associative rules” – link
  • Cited in “Penetration Testing Using SQL Injection to Recognize the Vulnerable Point on Web Pages” – link

Some Speaking engagements

Speaker

  • 9/12/2024 – “How to Partner Business & Security to Successfully Protect the Enterprise” (CISOX New York – link, pic1, pic2)
  • 9/15/2023 – Keynote – “How to assess and translate cyber risks into enterprise risk” (Switzerland – Global Cyber Conference, Swiss Cyber Institute – link, pic1, pic2)
  • 2/21/2023 – “Attack Surface Management in the Cloud Era: the Many Angles to Consider” – (Executive Insights – blog)
  • 10/18/2022 – “Chief Information Security Officer (CISO) Roundtable” (Auriemma)
  • 3/2/2022 – “Surviving the Golden Age of Ransomware” – (New York CISO Executive Summit – link)
  • 2/2020 – “Data security” – CyberWarriorCon (Fayetteville, NC)
  • 1/2020 – “Active Security for Industrial IoT” – link
  • 4/2019 – “Securing Critical Infrastructure with Active OT Protection” – ICS Cyber Security Conference (Singapore) – link
  • 9/2017 – “The Invisible War” – Closed session on Cyber Warfare for a subset of the UN Security Council (NYC)
  • 6/2015 – “Does Connected Everything Mean Vulnerable Everything?” (NYC)
  • 2010 State of the Art Security – link (NYC)

Panelist

  • 11/6/2024 – “Every CISO Should Do This During Election Season!” (SuperHuman Mindset Podcast – link)
  • 4/25/2024 – “Intelligence Amplified: Data Science’s Role in Cyberthreat Forecasting” (ISMG – link, pic1, pic2)
  • 11/16/2023 – “Embracing AI tools across your organisation – ensuring you remain secure” (teissTalk – link)
  • 10/11/2023 – “Table Stakes: Exploring Guardrails for LLMs” (San Francisco [Nasdaq Entrepreneurial Center] – Securing AI Summit – link, pic1, pic2, pic3)
  • 9/14/2023 – “Securing the Future: Insights from top CISOs on becoming a CISO, excelling in the role, and navigating the evolving cybersecurity landscape” (Switzerland – Global Cyber Conference, Swiss Cyber Institute – link, pic)
  • 7/25/2023 – “Approaches to Securing ChatGPT That Enable Safe Productivity” (SINETLive – link)
  • 4/24/2023 – “Building Software Supply Chain Security & Trust – from vision to mission” (Elron Ventures – link, pic1, pic2)
  • 3/29/2023 – “Building a Modern Application Security Program” (Merlin Ventures – link, pic1)
  • 3/16/2023 – “What Past Geo-Political Events Can Teach Us About Current and Future Cyber Threats” (SINET Silicon Valley 2023 – link, pic1, pic2)
  • 11/17/2022 – “CISO Boardroom: The State of the Industry” (Consero Chief Information Security Officer Forum – pic1, pic2)
  • 11/3/2022 – “Swerving the big threats to your application security” (teissTalk – link)
  • 10/13/2022 – “A CISO’s Guide to Developing an Effective Application Security Program” (Cybersecurity Collaborative – link)
  • 7/7/2022 – “Reducing your attack surface – Zero Trust and microsegmentation” (teissTalk – link)
  • 6/21/2022 – “Deter Breaches and Build Resilience Within the Cloud” (New York CISO Executive Summit – link)
  • 2/24/2022 – “The Nexus of Identity, Security and Zero Trust – Lessons Learned and the Path Forward” – link
  • 2/16/2022 – “CISO Developed DevSecOps Supply Chain Best Practices” (Cybersecurity Collaborative) – link