About Me

Andres Andreu


Andres Andreu – Cybersecurity Leader. My career has spanned federal government service, corporate America, global consulting, the startup world, the cybersecurity product space, and executive advising.

LinkedIn: Andres Andreu, CISSP-ISSAP, QTE

ORCID: https://orcid.org/0009-0003-1393-8356

CISSP – Certificate
CISSP-ISSAP – Certificate
Boardroom Certified Qualified Technology Expert – Certificate
Risk Reporting to the Board – Certificate

Appearances

For appearances (Talks, Keynotes, Panels, Interviews, and Podcasts) – https://andresandreu.tech/andres-andreu-appearances/

Publications

Selected publications, newest first. Older items are grouped by year.

Some Publications

Author

  • 9/2025 – “The CISOs first 90 days – A practical agenda for decision advantage”, The EDP Audit, Control, and Security Newsletter (EDPACS) – link
  • 9/2025 – “Security Chaos Engineering for CISOs – The Strategic Edge Against Modern Threats”, Cyber Defense Magazine (September 2025) – link
  • 8/2025 – “Security Chaos Engineering: Weaponizing chaos for modern CISOs”, SC Media – link
  • 8/2025 – “Identity Risk Intelligence – The Missing Piece in Continuous Threat Exposure Management (CTEM)”, Cyber Defense Magazine (August 2025) – link
  • 7/2025 – “The Rise of Identity Risk Intelligence”, Cyber Defense Magazine – 2025 Special Edition RSAC Conference – link link
  • 11/2024 – “The CISO Playbook”, CRC Press, ISBN: “978-1-032-76207-4” – link
  • 7/2024 – “Cybersecurity Can Be a Businesses Enabler” – BankInfo Security (ISMG) – link
  • Fall 2022 – “Through the Lens of a CISO” – United States Cybersecurity Magazine – link
  • 8/2022 – “Protecting Critical Space Assets from Cyber Threats” – Education Technology Insights – link
  • 3/2021 – “System and methods for automated computer security policy generation and anomaly detection”, International Granted Patent WO2020069367A1 – link link
  • 1/2020 – “Operational technology Security” – Elsevier’s Network Security Journals – link
  • 3/2019 – “Method and system for data security via entropy and disinformation based information dispersal”, US Published Patent US20200193035A1 – link link
  • Fall 2019 – “A Paradigm Shift in Data Security” – United States Cybersecurity Magazine – link
  • 7/2019 – “Entropy, disinformation and obfuscation: A paradigm shift to protect your crown jewels” – link
  • 3/2008 – “Cracking LDAP Salted SHA Hashes” – Hakin9 Magazine – link
  • 5/2007 – “Fuzzing XML” – Hakin9 Magazine (5/2007 issue) – link
  • 9/2006 – Technical Editor of “Webster’s New World Hacker Dictionary”, Wiley, ISBN: “978-0-470-04752-1”
  • 6/2006 – “Professional Pen Testing for Web Applications”, Wiley/Wrox Press, ISBN: “978-0-471-78966-6”
  • 1/2005 – “Salted Hashes Demystified” – link

Contributing Author

  • 6/2024 – “97 Things Every Application Security Professional Should Know”, O’Reilly Media, ISBN: “978-1-098-15217-8” – link cover
  • 7/2020 – “Foresight review of cyber security for the Industrial IoT” (University of Oxford) – link
  • 5/2012 – “Ground Truth Competency Assessment for Smart Grid Cyber Security” – link

Some Accolades

Awards

  • 2025 – Finalist “SANS Difference Maker Awards” (Category: CISO of the Year) – link
  • 2024 – “Champion in Security: Education” (Portal26 @ RSAC) – link pic1
  • 2023 – “CISOs Connect™ Top 100 CISOs (C100)” Award – link
  • 2023 – “Top 50 Information Security Professional Award” (OnConferences) – link link link
  • 2022 – “10 Best CISOs” (C Level Focus) – link
  • 2009 – One of the Top 100 Premier IT Leaders (Computerworld) – link pic

Cited

  • Acknowledged in Perl module Crypt::SaltedHash – link
  • Cited in Patent US8769637B2, “Iterated password hash systems and methods for preserving password entropy” – link
  • Cited in “An Overview of Penetration Testing” – link
  • Cited in “Model-Based Penetration Test Framework for Web Applications Using TTCN-3” – link
  • Cited in “Intrusion detection and prevention of web service attacks for software as a service: Fuzzy association rules vs fuzzy associative patterns” – link
  • Cited in “E-business Information Systems Security Design Paradigm and Model” – link
  • Cited in “Defending against XML-related attacks in e-commerce applications with predictive fuzzy associative rules” – link
  • Cited in “Penetration Testing Using SQL Injection to Recognize the Vulnerable Point on Web Pages” – link
  • Locate a Pin in a Haystack before the Customer Finds” – link