Biography of Andrew Plato, CISSP, CISM, QSA
President / CEO of Anitian
Andrew Plato is an accomplished author, speaker, leader and industry analyst on matters of IT security, risk management and compliance. He is also the founder and CEO of Anitian, the oldest security intelligence firm in the nation.
In 1995, while working at Microsoft on one of the first Internet e-commerce web sites Andrew inadvertently executed a SQL injection attack. This was the first known instance of any such attack. Intrigued with this discovery, Andrew demonstrated the attack to the developers, who quickly dismissed it as irrelevant. SQL Injection is one of the most prevalent attack tactics that hackers use to this day to break into systems and steal data.
This event, and the unusual response of the developers, inspired Andrew to found Anitian, with the goal of elevating the value and influence of information security in an organization.
In 1998, Andrew and the Anitian team worked with Network ICE, a Silicon Valley start-up, to develop the first in-line intrusion prevention system (IPS). In the early 2000s, Anitian was an innovator in network and application penetration testing techniques. More recently, Anitian has played an important role in defining the Unified Threat Management (UTM) and Next-Generation Firewall (NGFW) markets. In 2012, Andrew co-developed a new risk analysis approach, called RiskNow™, which dramatically improves the speed and effectiveness of risk management efforts.
In 2011, Andrew began serving the investment community with industry analysis and market research. Andrew has participated in a number of cybersecurity acquisitions and investment events. Most recently, Andrew provided technical due diligence for Raytheon’s acquisition of Websense and Cisco’s acquisition of OpenDNS.
Over a 20 year history, Andrew and the Anitian team have executed thousands of projects including risk assessments, penetration testing, incident response, PCI compliance and technology integration. Andrew regularly serves as an advisor to C-level executives on matters of risk management and information security.
Andrew was also instrumental in defining Anitian’s practical and pragmatic approach to information security which rejects fear and sensationalism. This approach embraces the time honored tenets of the Scientific Method to deliver effective, realistic and sustainable security solutions.
Andrew is a prolific speaker, author, and commentator on information security. Since 1995, Andrew has presented at over 200 different industry events such as RSA, ISACA CACS, CIO Forum, SecureWorld, EnergySec, and the ISSA national convention. Andrew is known for delivering high-energy, thoughtful presentations that challenge conventional thinking and provide innovative answers to complex security challenges.
Andrew has authored numerous white papers, articles, and manuals on information security. These articles have appeared in Information Security magazine, eForensics, TechTarget, CIO magazine and others. Andrew is regularly quoted as an industry expert on MSNBC, CNBC, Fox News, TechTarget, Channel Insider and many other media outlets.
Andrew is a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Qualified Security Assessor (QSA) for PCI compliance, and he holds numerous other technical and industry certifications.
Mr. Plato holds a Bachelor of Arts degree from the University of Arizona and resides in Portland, Oregon.